cvebase

Debian Qtbase-Opensource-Src vulnerabilities

31 known vulnerabilities affecting debian/qtbase-opensource-src.

Total CVEs: 31
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 14, LOW 5

Vulnerabilities

Page 2 of 2
CVE-2015-0295 | P4 | MEDIUM | CVSS 5.0 | fixed in qtbase-opensource-src 5.3.2+dfsg-5 (bookworm) | 2015
CVE-2015-0295 [MEDIUM] qtbase-opensource-src: The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
Scope: local
bookworm: resolved (fixed in 5.3.2+dfsg-5); bullseye: resolved (fixed in 5.3.2+dfsg-5); forky: resolved (fixed in 5
debian
CVE-2023-33285 | P4 | MEDIUM | CVSS 5.3 | fixed in qt6-base 6.4.2+dfsg-10 (bookworm) | 2023
CVE-2023-33285 [MEDIUM] qt6-base: An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
Scope: local
bookworm: resolved (fixed in 6.4.2+dfsg-10); forky: resolved (fixed in 6.4.2+dfsg-10); sid: resolved (fixed in 6.4.2+dfsg-10); trixie: resolved (fixed in 6.4.2+dfsg-10)
debian
CVE-2023-34410 | P4 | MEDIUM | CVSS 5.3 | fixed in qt6-base 6.4.2+dfsg-11 (forky) | 2023
CVE-2023-34410 [MEDIUM] qt6-base: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Scope: local
bookworm: open; forky: resolved (fixed in 6.4.2+dfsg-11); sid: resolved (fixed in 6.4.2+dfsg-11); trixie: resolved (fixed in 6.4.2+dfsg-1
debian
CVE-2025-30348 | P4 | MEDIUM | CVSS 5.8 | fixed in qt6-base 6.8.2+dfsg-5 (forky) | 2025
CVE-2025-30348 [MEDIUM] qt6-base: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
Scope: local
bookworm: open; forky: resolved (fixed in 6.8.2+dfsg-5); sid: resolved (fixed in 6.8.2+dfsg-5); trixie: resolved (fixed in 6.8.2+dfsg-5)
debian
CVE-2024-25580 | P4 | MEDIUM | CVSS 6.2 | fixed in qt6-base 6.6.2+dfsg-8 (forky) | 2024
CVE-2024-25580 [MEDIUM] qt6-base: An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
Scope: local
bookworm: open; forky: resolved (fixed in 6.6.2+dfsg-8); sid: resolved (fixed in 6.6.2+dfsg-8); trixie: resolved (fixed in 6
debian
CVE-2016-10040 | P4 | MEDIUM | CVSS 5.5 | fixed in qtbase-opensource-src 5.2.0+dfsg-7 (bookworm) | 2016
CVE-2016-10040 [MEDIUM] qtbase-opensource-src: Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.
Scope: local
bookworm: resolved (fixed in 5.2.0+dfsg-7); bullseye: resolved (fixed in 5.2.0+dfsg-7); forky: resolved (fixed in 5.2.0+dfsg-7); sid: resolved (fixed in 5.2.0+dfs
debian
CVE-2013-4549 | P4 | MEDIUM | CVSS 5.0 | fixed in qtbase-opensource-src 5.1.1+dfsg-6 (bookworm) | 2013
CVE-2013-4549 [MEDIUM] qtbase-opensource-src: QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
Scope: local
bookworm: resolved (fixed in 5.1.1+dfsg-6); bullseye: resolved (fixed in 5.1.1+dfsg-6); forky: resolved (fixed in 5.1.1+dfsg-6); sid: resolved (fixed in 5.1.1+dfsg-6); trixie: resolved
debian
CVE-2025-3512 | P4 | LOW | CVSS 4.8 | fixed in qt6-base 6.8.2+dfsg-6 (forky) | 2025
CVE-2025-3512 [MEDIUM] qt6-base: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
Scope: local
bookworm: resolved; forky: resolved
debian
CVE-2018-19872 | P4 | LOW | CVSS 5.5 | fixed in qtbase-opensource-src 5.11.2+dfsg-3 (bookworm) | 2018
CVE-2018-19872 [MEDIUM] qtbase-opensource-src: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
Scope: local
bookworm: resolved (fixed in 5.11.2+dfsg-3); bullseye: resolved (fixed in 5.11.2+dfsg-3); forky: resolved (fixed in 5.11.2+dfsg-3); sid: resolved (fixed in 5.11.2+dfsg-3); trixie: resolved (fixed in 5.11.2+dfsg-3)
debian
CVE-2020-0569 | P4 | MEDIUM | CVSS 5.7 | fixed in qtbase-opensource-src 5.12.5+dfsg-8 (bookworm) | 2020
CVE-2020-0569 [MEDIUM] qtbase-opensource-src: Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
Scope: local
bookworm: resolved (fixed in 5.12.5+dfsg-8); bullseye: resolved (fixed in 5.12.5+dfsg-8); forky: resolved (fixed in 5.12.5+dfsg-8); sid: resolved (fixed in 5.12.5+dfsg-8); trixie:
debian
CVE-2019-18281 | P4 | MEDIUM | CVSS 4.3 | fixed in qtbase-opensource-src 5.12.5+dfsg-2 (bookworm) | 2019
CVE-2019-18281 [MEDIUM] qtbase-opensource-src: An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
Scope: local
bookworm: resolved (fixed in 5.12.5+dfsg-2); bullseye: resolved (fixed in
debian