Search for packages
| purl | pkg:deb/ubuntu/qtbase-opensource-src@5.9.5%2Bdfsg-0ubuntu1 |
| Next non-vulnerable version | 5.12.8+dfsg-0ubuntu1 |
| Latest non-vulnerable version | 5.12.8+dfsg-0ubuntu1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-11v5-hat5-aaas
Aliases: CVE-2018-19873 |
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. |
Affected by 10 other vulnerabilities. |
|
VCID-1379-5bqd-aaas
Aliases: CVE-2018-19870 |
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. |
Affected by 10 other vulnerabilities. |
|
VCID-1qkn-nzf8-aaaf
Aliases: CVE-2015-9541 |
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. |
Affected by 1 other vulnerability. |
|
VCID-4vj1-dm1q-aaan
Aliases: CVE-2018-19872 |
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. |
Affected by 5 other vulnerabilities. |
|
VCID-5g5x-8nra-aaac
Aliases: CVE-2016-10040 |
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags. |
Affected by 6 other vulnerabilities. |
|
VCID-74ct-7v5h-aaae
Aliases: CVE-2019-18281 |
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. |
Affected by 2 other vulnerabilities. |
|
VCID-9m91-css2-aaad
Aliases: CVE-2020-24742 |
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. |
Affected by 0 other vulnerabilities. |
|
VCID-bz43-6hzb-aaap
Aliases: CVE-2020-13962 |
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) |
Affected by 9 other vulnerabilities. |
|
VCID-efyy-g8eg-aaaa
Aliases: CVE-2020-17507 |
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. |
Affected by 3 other vulnerabilities. |
|
VCID-fshm-aucd-aaap
Aliases: CVE-2021-38593 |
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). |
Affected by 3 other vulnerabilities. |
|
VCID-rf59-fr67-aaaj
Aliases: CVE-2018-15518 |
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. |
Affected by 10 other vulnerabilities. |
|
VCID-rpsv-xny3-aaap
Aliases: CVE-2020-0569 |
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. |
Affected by 2 other vulnerabilities. |
|
VCID-txpf-1k3n-aaaf
Aliases: CVE-2020-0570 |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|