cvebase

Debian Qtbase-Opensource-Src vulnerabilities

31 known vulnerabilities affecting debian/qtbase-opensource-src.

Total CVEs: 31
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 14, LOW 5

Vulnerabilities

Page 1 of 2

How to read the entries: each header line gives the CVE, a priority (P3/P4), the site's own severity, the CVSS base score with its qualitative rating in brackets (9.0-10.0 critical, 7.0-8.9 high, 4.0-6.9 medium, 0.1-3.9 low), the fixing source-package version and suite, and the year. The severity breakdown above counts the site severity, not the CVSS rating, and the two disagree for CVE-2018-19873, CVE-2018-19870 and CVE-2015-9541 (site severity LOW against CVSS 9.8, 8.8 and 6.5); triage by CVSS or by the description, not by the LOW badge. Entries tagged qt6-base are the Qt 6 source package; entries tagged qtbase-opensource-src are Qt 5, so fixed-in versions must be compared against the matching source package. Every entry carries "Scope: local", including the HTTP/2 and HSTS issues whose descriptions involve network input, so that field does not rule out a remote trigger. Per-suite status lines that the page cuts off are left as they stand, marked with "…".
CVE-2018-19873 | P3 | severity LOW | CVSS 9.8 [CRITICAL] | 2018
Fixed in qtbase-opensource-src 5.11.3+dfsg-2 (bookworm)
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Scope: local. bookworm: resolved (fixed in 5.11.3+dfsg-2); bullseye: resolved (fixed in 5.11.3+dfsg-2); forky: resolved (fixed in 5.11.3+dfsg-2); sid: resolved (fixed in 5.11.3+dfsg-2); trixie: resolved (fixed in 5.11.3+dfsg-2)

CVE-2023-51714 | P3 | severity CRITICAL | CVSS 9.8 [CRITICAL] | 2023
Fixed in qt6-base 6.4.2+dfsg-21 (forky)
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Scope: local. bookworm: open; forky: resolved (fixed in 6.4.2+dfsg-21); sid: resolved (fixed in 6.4.2+dfsg-21); trixie: resolved (fix…

CVE-2015-1860 | P3 | severity MEDIUM | CVSS 6.8 [MEDIUM] | 2015
Fixed in qtbase-opensource-src 5.3.2+dfsg-5 (bookworm)
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
Scope: local. bookworm: resolved (fixed in 5.3.2+dfsg-5); bullseye: resolved (fixed in 5.3.2+dfsg-5); forky…

CVE-2018-15518 | P3 | severity HIGH | CVSS 8.8 [HIGH] | 2018
Fixed in qtbase-opensource-src 5.11.3+dfsg-2 (bookworm)
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Scope: local. bookworm: resolved (fixed in 5.11.3+dfsg-2); bullseye: resolved (fixed in 5.11.3+dfsg-2); forky: resolved (fixed in 5.11.3+dfsg-2); sid: resolved (fixed in 5.11.3+dfsg-2); trixie: resolved (fixed in 5.11.3+dfsg-2)

CVE-2025-5455 | P3 | severity HIGH | CVSS 8.4 [HIGH] | 2025
Fixed in qt6-base 6.8.2+dfsg-8 (forky)
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit…
(Per-suite status not shown on the page.)

CVE-2015-1858 | P3 | severity MEDIUM | CVSS 6.8 [MEDIUM] | 2015
Fixed in qtbase-opensource-src 5.3.2+dfsg-5 (bookworm)
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
Scope: local. bookworm: resolved (fixed in 5.3.2+dfsg-5); bullseye: resolved (fixed in 5.3.2+dfs…

CVE-2015-1859 | P3 | severity MEDIUM | CVSS 6.8 [MEDIUM] | 2015
Fixed in qtbase-opensource-src 5.3.2+dfsg-5 (bookworm)
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
Scope: local. bookworm: resolved (fixed in 5.3.2+dfsg-5); bullseye: resolved (fix…

CVE-2023-24607 | P3 | severity HIGH | CVSS 7.5 [HIGH] | 2023
Fixed in qt6-base 6.4.2+dfsg-7 (bookworm)
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
Scope: local. bookworm: resolved (fixed in 6.4.2+dfsg-7); forky: resolved (fixed in 6.4.2+dfsg-7); sid: resolved (fixed in 6.4.2+dfsg-7); trixie: re…

CVE-2023-32763 | P3 | severity HIGH | CVSS 7.5 [HIGH] | 2023
Fixed in qt6-base 6.4.2+dfsg-8 (bookworm)
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
Scope: local. bookworm: resolved (fixed in 6.4.2+dfsg-8); forky: resolved (fixed in 6.4.2+dfsg-8); sid: resolved (fixed in 6.4.2+dfsg-8); trixie: resolved (fixed in 6.4…

CVE-2022-25255 | P3 | severity HIGH | CVSS 7.8 [HIGH] | 2022
Fixed in qt6-base 6.2.4+dfsg-4 (bookworm)
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Scope: local. bookworm: resolved (fixed in 6.2.4+dfsg-4); forky: resolved (fixed in 6.2.4+dfsg-4); sid: resolved (fixed in 6.2.4+dfsg-4); trixie: resolved (fixed in 6.2.4+dfsg-4)

CVE-2018-19870 | P3 | severity LOW | CVSS 8.8 [HIGH] | 2018
Fixed in qtbase-opensource-src 5.11.3+dfsg-2 (bookworm)
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Scope: local. bookworm: resolved (fixed in 5.11.3+dfsg-2); bullseye: resolved (fixed in 5.11.3+dfsg-2); forky: resolved (fixed in 5.11.3+dfsg-2); sid: resolved (fixed in 5.11.3+dfsg-2); trixie: resolved (fixe…

CVE-2020-24742 | P3 | severity HIGH | CVSS 7.8 [HIGH] | 2020
Fixed in qtbase-opensource-src 5.12.5+dfsg-8 (bookworm)
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Scope: local. bookworm: resolved (fixed in 5.12.5+dfsg-8); bullseye: resolved (fixed in 5.12.5+dfsg-8); forky: resolved (fixed in 5.12.5+dfsg-8); sid: resolved (fixed i…

CVE-2023-37369 | P3 | severity HIGH | CVSS 7.5 [HIGH] | 2023
Fixed in qt6-base 6.4.2+dfsg-20 (forky)
In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
Scope: local. bookworm: open; forky: resolved (fixed in 6.4.2+dfsg-20); sid: resolved (fixed in 6.4.2+dfsg-20); trixie: resolved (fixed in 6.4.2…

CVE-2015-9541 | P3 | severity LOW | CVSS 6.5 [MEDIUM] | 2015
Fixed in qtbase-opensource-src 5.12.5+dfsg-9 (bookworm)
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
Scope: local. bookworm: resolved (fixed in 5.12.5+dfsg-9); bullseye: resolved (fixed in 5.12.5+dfsg-9); forky: resolved (fixed in 5.12.5+dfsg-9); sid: resolved (fixed in 5.12.5+dfsg-9); trixie…

CVE-2020-13962 | P3 | severity HIGH | CVSS 7.5 [HIGH] | 2020
Fixed in qtbase-opensource-src 5.14.2+dfsg-6 (bookworm)
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt versio…
(Per-suite status not shown on the page.)

CVE-2023-38197 | P3 | severity HIGH | CVSS 7.5 [HIGH] | 2023
Fixed in qt6-base 6.6.2+dfsg-8 (forky)
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
Scope: local. bookworm: open; forky: resolved (fixed in 6.6.2+dfsg-8); sid: resolved (fixed in 6.6.2+dfsg-8); trixie: resolved (fixed in 6.6.2+dfsg-8)
CVE-2024-39936 | P4 | severity HIGH | CVSS 8.6 [HIGH] | 2024
Fixed in qt6-base 6.8.2+dfsg-5 (forky)
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
Scope: local. bookworm: open; forky: resolved (fixed in…
CVE-2020-0570 | P4 | severity HIGH | CVSS 7.3 [HIGH] | 2020
Fixed in qtbase-opensource-src 5.12.5+dfsg-8 (bookworm)
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
Scope: local. bookworm: resolved (fixed in 5.12.5+dfsg-8); bullseye: resolved (fixed in 5.12.5+dfsg-8); forky: resolved (fixed in 5.12.5+dfsg-8); sid: resolved (fixed in 5.12.5+dfsg-8); trix…

CVE-2020-17507 | P4 | severity MEDIUM | CVSS 5.3 [MEDIUM] | 2020
Fixed in qtbase-opensource-src 5.14.2+dfsg-6 (bookworm)
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
Scope: local. bookworm: resolved (fixed in 5.14.2+dfsg-6); bullseye: resolved (fixed in 5.14.2+dfsg-6); forky: resolved (fixed in 5.14.2+dfsg-6); sid: resolved (fixed in 5.14.2+dfsg-6); trixie: resolved…

CVE-2023-32762 | P4 | severity MEDIUM | CVSS 5.3 [MEDIUM] | 2023
Fixed in qt6-base 6.4.2+dfsg-9 (bookworm)
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Scope: local. bookwo…
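The fixed-in versions above are only useful if they are compared with Debian's own version ordering (epoch, then upstream, then revision; "~" sorts before everything; digit runs compare numerically, so 6.4.2+dfsg-10 is newer than 6.4.2+dfsg-9). The following is an added example, not code from cvebase or from Debian: a Python port of the ordering rules that dpkg's verrevcmp implements, applied to the bookworm fixed-in versions transcribed from the entries on this page, to list which of these CVEs are still open at a given installed version. The installed versions it runs against are constructed inputs; the fix table treats an entry the page marks "bookworm: open" as always open, and CVE-2025-5455 is left out because the page shows no bookworm status for it.

```python
"""Debian version ordering (port of dpkg's verrevcmp rules) applied to the
bookworm fixed-in versions listed on this page.  Added example, not cvebase
or Debian code; installed versions used below are constructed."""

import string

_DIGITS = set("0123456789")
_ALPHA = set(string.ascii_letters)


def _order(c):
    """Weight of one non-digit character: '~' sorts before end-of-string,
    letters before other punctuation (same weights dpkg uses)."""
    if c in _DIGITS or c == "":
        return 0
    if c in _ALPHA:
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream-version or revision strings: <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: numeric comparison, leading zeros ignored.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in _DIGITS and j < len(b) and b[j] in _DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in _DIGITS:   # a has more digits: a is larger
            return 1
        if j < len(b) and b[j] in _DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        epoch_str, v = v.split(":", 1)
        epoch = int(epoch_str)
    upstream, _, revision = v.rpartition("-")
    if not upstream:                 # no hyphen: rpartition put everything in 'revision'
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b in Debian version order."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


# Bookworm fixed-in versions transcribed from this page, keyed by source package.
# None = the page lists the CVE as "bookworm: open".  CVE-2025-5455 omitted (no bookworm status shown).
BOOKWORM_FIXES = {
    "qtbase-opensource-src": {
        "CVE-2018-19873": "5.11.3+dfsg-2", "CVE-2015-1860": "5.3.2+dfsg-5",
        "CVE-2018-15518": "5.11.3+dfsg-2", "CVE-2015-1858": "5.3.2+dfsg-5",
        "CVE-2015-1859": "5.3.2+dfsg-5", "CVE-2018-19870": "5.11.3+dfsg-2",
        "CVE-2020-24742": "5.12.5+dfsg-8", "CVE-2015-9541": "5.12.5+dfsg-9",
        "CVE-2020-13962": "5.14.2+dfsg-6", "CVE-2020-0570": "5.12.5+dfsg-8",
        "CVE-2020-17507": "5.14.2+dfsg-6",
    },
    "qt6-base": {
        "CVE-2023-51714": None, "CVE-2023-24607": "6.4.2+dfsg-7",
        "CVE-2023-32763": "6.4.2+dfsg-8", "CVE-2022-25255": "6.2.4+dfsg-4",
        "CVE-2023-37369": None, "CVE-2023-38197": None,
        "CVE-2024-39936": None, "CVE-2023-32762": "6.4.2+dfsg-9",
    },
}


def open_cves(source_package, installed_version, fixes=BOOKWORM_FIXES):
    """CVEs from the table that are not fixed at installed_version (sorted)."""
    return sorted(
        cve for cve, fixed in fixes[source_package].items()
        if fixed is None or compare_versions(installed_version, fixed) < 0
    )


if __name__ == "__main__":
    # Constructed installed versions; on a real host read the source version with
    #   dpkg-query -W -f='${source:Package} ${source:Version}\n' libqt6core6
    for pkg, ver in (("qtbase-opensource-src", "5.15.8+dfsg-11"), ("qt6-base", "6.4.2+dfsg-8")):
        print(pkg, ver, "open:", ", ".join(open_cves(pkg, ver)) or "none")
```

The page lists source packages, so feed the function the source version of whatever Qt binary package is installed (for example `dpkg-query -W -f='${source:Package} ${source:Version}\n' libqt6core6`, or libqt5core5a for Qt 5), not the binary package's own version string. A "resolved" status is per suite, and the open/fixed split is what the page showed when it was captured; a host tracking bookworm-security can be ahead of the table.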