INFSA-2024:3056: qt5-qtbase security update
Information about definition
Identificator: INFSA-2024:3056
Type: security
Release date: 2024-08-23 19:45:21 UTC
Information about package
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.
Vulnerabilities description
- CVE-2023-51714
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
- CVE-2024-25580
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-51714
|
no information | 7.5 | no information |
|
NIST — CVE-2024-25580
|
no information | 6.2 | no information |
Updated packages