Vendor: qt

- Actively Exploited (CISA KEV List): 0
- PoC / Exploits (Code Available): 1
- Total RCEs (Remote Access): 7
- Total CVEs (Total Indexed): 128
- Avg. EPSS (Exploit Prob.): 1.79%
- Latest CVE: CVE-2025-5683 (Jun 05)

Security Vulnerability Index

Page 4 / 13

7.5 CVSS

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

EPSS: 0.56%

5.5 CVSS

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

EPSS: 0.26%

9.8 CVSS

An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.

EPSS: 4.65%

6.5 CVSS

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.

EPSS: 0.70%

8.8 CVSS

An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.

EPSS: 1.69%

6.5 CVSS

An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

EPSS: 1.34%

8.8 CVSS

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.

EPSS: 2.31%

7.5 CVSS

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.

EPSS: 0.78%

8.8 CVSS

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

EPSS: 1.81%

5.3 CVSS

A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.

EPSS: 0.13%