Qt Qt
60 CVEs affecting Qt Qt. Latest disclosed: 2025-10-31. Critical: 5, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-36048 | Critical | 9.8 | 2024-05-18 | QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses… |
| CVE-2023-51714 | Critical | 9.8 | 2023-12-24 | An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/… |
| CVE-2020-12267 | Critical | 9.8 | 2020-04-27 | setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. |
| CVE-2018-19873 | Critical | 9.8 | 2018-12-26 | An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. |
| CVE-2017-10904 | Critical | 9.8 | 2017-12-16 | Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
| CVE-2022-43591 | High | 8.8 | 2023-01-12 | A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds… |
| CVE-2022-40983 | High | 8.8 | 2023-01-12 | An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer ove… |
| CVE-2018-19870 | High | 8.8 | 2018-12-26 | An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. |
| CVE-2018-15518 | High | 8.8 | 2018-12-26 | QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. |
| CVE-2015-1290 | High | 8.8 | 2018-01-09 | The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service… |
| CVE-2024-39936 | High | 8.6 | 2024-07-04 | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make… |
| CVE-2022-25255 | High | 7.8 | 2022-02-16 | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not fo… |
| CVE-2020-24742 | High | 7.8 | 2021-08-09 | An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arb… |
| CVE-2023-37369 | High | 7.5 | 2023-08-20 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string th… |
| CVE-2023-38197 | High | 7.5 | 2023-07-13 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. |
| CVE-2023-32763 | High | 7.5 | 2023-05-28 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QT… |
| CVE-2023-24607 | High | 7.5 | 2023-04-15 | Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions ar… |
| CVE-2022-25634 | High | 7.5 | 2022-03-02 | Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. |
| CVE-2021-38593 | High | 7.5 | 2021-08-12 | Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx… |
| CVE-2020-13962 | High | 7.5 | 2020-06-09 | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of servic… |