Product: qt
71 known vulnerabilities across versions
Entries are listed by affected version range as recorded by this page; each gives the vulnerability summary (cut short in this copy), and the CVSS base score and severity where one is recorded. Select any CVE for the full briefing and its intelligence graph. Note that the range column is this page's own derivation and is sometimes narrower than the advisory text it summarises (for example CVE-2025-30348 is filed under "< 5.15.19" while its summary says "Qt before 6.8.0", and several entries are simply "all versions"), so read the summary before concluding that a 6.x build is unaffected.
CVE | affected versions (as recorded here) | CVSS base score (severity)

CVE-2025-14576 | affected: >= 6.8.0 and < 6.8.6 | CVSS 7.8 (HIGH)
  Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG fil

CVE-2025-5683 | affected: >= 6.3.0 and < 6.5.10 | CVSS 5.5 (MEDIUM)
  When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from ver

CVE-2025-30348 | affected: < 5.15.19 | CVSS 5.8 (MEDIUM)
  encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a strin

CVE-2024-39936 | affected: < 5.15.18 | CVSS 8.6 (HIGH)
  An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.

CVE-2024-36048 | affected: < 5.15.17 | CVSS 9.8 (CRITICAL)
  QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x th

CVE-2024-25580 | affected: >= 5.12.0 and < 5.15.17 | CVSS 6.2 (MEDIUM)
  An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and

CVE-2024-30161 | affected: all versions | CVSS 6.5 (MEDIUM)
  In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (E

CVE-2023-51714 | affected: >= 5.7 and < 5.15.17 | CVSS 9.8 (CRITICAL)
  An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and

CVE-2023-43114 | affected: < 5.15.16 | CVSS 5.5 (MEDIUM)
  An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the G

CVE-2023-37369 | affected: < 5.15.15 | CVSS 7.5 (HIGH)
  In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReade

CVE-2021-28025 | affected: all versions | CVSS 5.5 (MEDIUM)
  Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to ca

CVE-2023-38197 | affected: < 5.15.15 | CVSS 7.5 (HIGH)
  An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in

CVE-2023-34410 | affected: >= 5.13.0 and < 5.15.15 | CVSS 5.3 (MEDIUM)
  An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for T

CVE-2023-32763 | affected: < 5.15.15 | CVSS 7.5 (HIGH)
  An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an imag

CVE-2023-32762 | affected: >= 5.9.0 and < 5.15.14 | CVSS 5.3 (MEDIUM)
  An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parse

CVE-2023-33285 | affected: >= 5.0.0 and < 5.15.4 | CVSS 5.3 (MEDIUM)
  An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer

CVE-2023-32573 | affected: < 5.15.14 | CVSS 6.5 (MEDIUM)
  In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initiali

CVE-2023-24607 | affected: >= 5.0.0 and < 5.15.13 | CVSS 7.5 (HIGH)
  Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR i

CVE-2022-43591 | affected: all versions | CVSS 8.8 (HIGH)
  A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code

CVE-2022-40983 | affected: all versions | CVSS 8.8 (HIGH)
  An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript co

CVE-2021-3481 | affected: all versions | CVSS 7.1 (HIGH)
  A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelpe

CVE-2022-25634 | affected: <= 5.15.8 | CVSS 7.5 (HIGH)
  Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.

CVE-2022-25255 | affected: >= 5.9.0 and < 5.15.9 | CVSS 7.8 (HIGH)
  In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current

CVE-2021-45930 | affected: >= 5.0.0 and <= 5.15.2 | CVSS 5.5 (MEDIUM)
  Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::E

CVE-2021-38593 | affected: >= 5.0.0 and < 5.15.6 | CVSS 7.5 (HIGH)
  Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngi

CVE-2020-24742 | affected: >= 5.6.0 and < 5.12.7 | CVSS 7.8 (HIGH)
  An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allo

CVE-2020-0569 | affected: >= 5.0.0 and <= 5.13.2 | CVSS 5.7 (MEDIUM)
  Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable

CVE-2020-0570 | affected: < 5.9.10 | CVSS 7.3 (HIGH)
  Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable

CVE-2020-17507 | affected: <= 5.12.9 | CVSS 5.3 (MEDIUM)
  An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp

CVE-2020-13962 | affected: >= 5.12.2 and < 5.12.9 | CVSS 7.5 (HIGH)
  Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which

CVE-2020-12267 | affected: all versions | CVSS 9.8 (CRITICAL)
  setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

CVE-2018-21035 | affected: <= 5.14.1 | CVSS 7.5 (HIGH)
  In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be con

CVE-2015-9541 | affected: >= 5.5.0 and < 5.12.8 | CVSS 7.5 (HIGH)
  Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReade

CVE-2019-18281 | affected: >= 5.11.0 and <= 5.11.3 | CVSS 4.3 (MEDIUM)
  An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before

CVE-2018-19872 | affected: all versions | CVSS 5.5 (MEDIUM)
  An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

CVE-2018-19873 | affected: <= 5.5.1 | CVSS 9.8 (CRITICAL)
  An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

CVE-2018-19871 | affected: < 5.11.3 | CVSS 6.5 (MEDIUM)
  An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.

CVE-2018-19870 | affected: < 5.11.3 | CVSS 8.8 (HIGH)
  An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a

CVE-2018-19869 | affected: < 5.11.3 | CVSS 6.5 (MEDIUM)
  An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

CVE-2018-15518 | affected: >= 5.5.0 and < 5.11.3 | CVSS 8.8 (HIGH)
  QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.

CVE-2018-19865 | affected: >= 5.7.0 and <= 5.7.1 | CVSS 7.5 (HIGH)
  A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

CVE-2015-1290 | affected: < 5.5.1 | CVSS 8.8 (HIGH)
  The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers

CVE-2017-10905 | affected: < 5.9.3 | CVSS 5.3 (MEDIUM)
  A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via un

CVE-2017-10904 | affected: < 5.9.0 | CVSS 9.8 (CRITICAL)
  Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVE-2017-15011 | affected: all versions | CVSS 7.5 (HIGH)
  The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote

CVE-2015-8079 | affected: <= 5.3.2 | CVSS 5.3 (MEDIUM)
  qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.

CVE-2016-10040 | affected: all versions | CVSS 5.5 (MEDIUM)
  Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application cras

CVE-2015-7298 | affected: all versions | CVSS: not recorded
  ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors wi

CVE-2015-1860 | affected: all versions | CVSS: not recorded
  Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote a

CVE-2015-1859 | affected: all versions | CVSS: not recorded
  Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2

CVE-2015-1858 | affected: all versions | CVSS: not recorded
  Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote a

CVE-2015-0295 | affected: <= 5.4.1 | CVSS: not recorded
  The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows

CVE-2014-0190 | affected: < 5.3.0 | CVSS: not recorded
  The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via inva

CVE-2013-4549 | affected: all versions | CVSS: not recorded
  QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML

CVE-2012-6093 | affected: <= 4.6.5 | CVSS: not recorded
  The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of open

CVE-2012-5624 | affected: all versions | CVSS: not recorded
  The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers

CVE-2013-0254 | affected: all versions | CVSS: not recorded
  The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissi

CVE-2010-5076 | affected: all versions | CVSS: not recorded
  QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, whi

CVE-2011-3194 | affected: all versions | CVSS: not recorded
  Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service

CVE-2011-3193 | affected: < 4.7.4 | CVSS: not recorded
  Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4

CVE-2010-1766 | affected: <= 4.6.2 | CVSS: not recorded
  Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit

CVE-2010-2621 | affected: all versions | CVSS: not recorded
  The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote at

CVE-2009-2700 | affected: all versions | CVSS: not recorded
  src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Su

CVE-2007-4137 | affected: all versions | CVSS: not recorded
  Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of

CVE-2007-3388 | affected: <= 3.3.7 | CVSS: not recorded
  Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsql

CVE-2007-0242 | affected: all versions | CVSS: not recorded
  The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard,

CVE-2006-4811 | affected: all versions | CVSS: not recorded
  Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3,

CVE-2005-0627 | affected: all versions | CVSS: not recorded
  Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_

CVE-2004-0693 | affected: <= 3.3.3 | CVSS: not recorded
  The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a

CVE-2004-0692 | affected: <= 3.3.3 | CVSS: not recorded
  The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a

CVE-2004-0691 | affected: <= 3.3.3 | CVSS: not recorded
  Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin