Debian Qtbase-Opensource-Src vulnerabilities

CVE-2025-5455 [HIGH] CVE-2025-5455: qt6-base - An issue was found in the private API function qDecodeDataUrl() in QtCore, which... An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit

CVE-2025-30348 [MEDIUM] CVE-2025-30348: qt6-base - encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML stri... encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). Scope: local bookworm: open forky: resolved (fixed in 6.8.2+dfsg-5) sid: resolved (fixed in 6.8.2+dfsg-5) trixie: resolved (fixed in 6.8.2+dfsg-5)

CVE-2025-4211 [HIGH] CVE-2025-4211: qt6-base - Improper Link Resolution Before File Access ('Link Following') vulnerability in ... Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary fi

CVE-2025-5991 [LOW] CVE-2025-5991: qt6-base - There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the Q... There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has

CVE-2025-3512 [MEDIUM] CVE-2025-3512: qt6-base - There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. Th... There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later. Scope: local bookworm: resolved forky: resolved

CVE-2024-39936 [HIGH] CVE-2024-39936: qt6-base - An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x ... An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. Scope: local bookworm: open forky: resolved (fixed in

CVE-2024-25580 [MEDIUM] CVE-2024-25580: qt6-base - An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x be... An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. Scope: local bookworm: open forky: resolved (fixed in 6.6.2+dfsg-8) sid: resolved (fixed in 6.6.2+dfsg-8) trixie: resolved (fixed in 6

CVE-2024-30161 [MEDIUM] CVE-2024-30161: qt6-base - In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a... In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.) Scope: local bookworm: resolved forky: resolved sid: resolved trixie: resolved

CVE-2023-51714 [CRITICAL] CVE-2023-51714: qt6-base - An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x be... An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. Scope: local bookworm: open forky: resolved (fixed in 6.4.2+dfsg-21) sid: resolved (fixed in 6.4.2+dfsg-21) trixie: resolved (fix

CVE-2023-32763 [HIGH] CVE-2023-32763: qt6-base - An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x throug... An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. Scope: local bookworm: resolved (fixed in 6.4.2+dfsg-8) forky: resolved (fixed in 6.4.2+dfsg-8) sid: resolved (fixed in 6.4.2+dfsg-8) trixie: resolved (fixed in 6.4

CVE-2023-24607 [HIGH] CVE-2023-24607: qt6-base - Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODB... Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. Scope: local bookworm: resolved (fixed in 6.4.2+dfsg-7) forky: resolved (fixed in 6.4.2+dfsg-7) sid: resolved (fixed in 6.4.2+dfsg-7) trixie: re

CVE-2023-38197 [HIGH] CVE-2023-38197: qt6-base - An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x throu... An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. Scope: local bookworm: open forky: resolved (fixed in 6.6.2+dfsg-8) sid: resolved (fixed in 6.6.2+dfsg-8) trixie: resolved (fixed in 6.6.2+dfsg-8)

CVE-2023-37369 [HIGH] CVE-2023-37369: qt6-base - In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, th... In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. Scope: local bookworm: open forky: resolved (fixed in 6.4.2+dfsg-20) sid: resolved (fixed in 6.4.2+dfsg-20) trixie: resolved (fixed in 6.4.2

CVE-2023-34410 [MEDIUM] CVE-2023-34410: qt6-base - An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x throug... An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. Scope: local bookworm: open forky: resolved (fixed in 6.4.2+dfsg-11) sid: resolved (fixed in 6.4.2+dfsg-11) trixie: resolved (fixed in 6.4.2+dfsg-1

CVE-2023-33285 [MEDIUM] CVE-2023-33285: qt6-base - An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x th... An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. Scope: local bookworm: resolved (fixed in 6.4.2+dfsg-10) forky: resolved (fixed in 6.4.2+dfsg-10) sid: resolved (fixed in 6.4.2+dfsg-10) trixie: resolved (fixed in 6.4.2+dfsg-10)

CVE-2023-32762 [MEDIUM] CVE-2023-32762: qt6-base - An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x throug... An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. Scope: local bookwo

CVE-2023-43114 [MEDIUM] CVE-2023-43114: qt6-base - An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x throu... An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. Scope: local bookworm: resolved forky: resolved sid: resolved t

CVE-2023-45935 [MEDIUM] CVE-2023-45935: qt6-base - Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the fu... Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. Scope: local bookworm: open forky: open sid: open trixie: open

CVE-2022-25255 [HIGH] CVE-2022-25255: qt6-base - In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX,... In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. Scope: local bookworm: resolved (fixed in 6.2.4+dfsg-4) forky: resolved (fixed in 6.2.4+dfsg-4) sid: resolved (fixed in 6.2.4+dfsg-4) trixie: resolved (fixed in 6.2.4+dfsg-4)

CVE-2022-25634 [HIGH] CVE-2022-25634: qt6-base - Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an un... Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Scope: local bookworm: resolved forky: resolved sid: resolved trixie: resolved