Qt


Products by Qt, sorted by most security vulnerabilities since 2018

Qt: 60 vulnerabilities
Qt Network Authorization: 1 vulnerability
Qtbase: 1 vulnerability
Qtsvg: 1 vulnerability
Qtwebkit: 1 vulnerability

By the Year

So far in 2026 no vulnerabilities have been published for Qt. In 2025, Qt had 9 security vulnerabilities published, so at the current rate Qt is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year  Vulnerabilities  Average Score
2026  0                0.00
2025  9                4.20
2024  5                8.20
2023  13               6.98
2022  3                6.70
2021  2                7.65
2020  6                6.83
2019  2                5.50
2018  6                7.82

It may take a day or so for new Qt vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name, so an entry whose description names another vendor's product can still appear here.

Recent Qt Security Vulnerabilities

Each entry below gives the CVE ID and publication date, then a short title followed by the description, then the product(s) the entry is tagged under.
CVE-2025-12385 Dec 03, 2025
Qt Quick Text 5.0-6.10: unchecked <img> w/h causes DoS Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
Qt
CVE-2025-23050 Oct 31, 2025
Out-of-bounds read in QLowEnergyController (Qt <6.8.2) QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.
Qt
CVE-2025-6338 Oct 16, 2025
Qt Network Schannel Incomplete Cleanup DoS (5.15.0-6.8.3, 6.9.0-6.9.1) There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.
Qt
CVE-2025-10729 Oct 03, 2025
UAF in XML Parser: <pattern> Node Not Child of Structural Node The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Qt
CVE-2025-5992 Jul 11, 2025
Qt 6.6-6.9 DoS via QColorTransferGenericFunction When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
Qt
CVE-2025-5991 Jun 11, 2025
Qt QHttp2ProtocolHandler Use-After-Free in Qt 6.9.0 (fixed in 6.9.1) There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.
Qt
CVE-2025-5455 Jun 02, 2025
QtCore qDecodeDataUrl assertion DoS before 6.5.9 An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.
Qt
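The trigger named in CVE-2025-5455, "data:charset,", is a data: URL whose media-type parameter list carries a bare parameter name with no "=value". The Python parser below is an added illustration, not Qt's qDecodeDataUrl(): it shows the shape of the check the entry describes as missing, namely that every parameter after the media type must have both a name and a value, and it reports a violation as an ordinary error instead of tripping an assertion. The RFC 2397 defaults it applies (text/plain, charset US-ASCII), the helper names and the sample URLs are the example's own.

```python
import base64
import binascii
from typing import Dict, Tuple
from urllib.parse import unquote_to_bytes


class DataUrlError(ValueError):
    """Raised for any malformed data: URL; callers get an exception, never an abort."""


def decode_data_url(url: str) -> Tuple[str, Dict[str, str], bytes]:
    """Parse RFC 2397 'data:[<mediatype>][;base64],<data>'.

    Returns (mime type, parameters, decoded payload). Parameters are
    'name=value' pairs; a bare name such as the 'charset' in 'data:charset,'
    is rejected rather than assumed to carry a value.
    """
    if url[:5].lower() != "data:":
        raise DataUrlError("not a data: URL")
    meta, comma, payload = url[5:].partition(",")
    if not comma:
        raise DataUrlError("missing ',' between metadata and payload")

    mime_type = "text/plain"          # RFC 2397 default media type
    params: Dict[str, str] = {}
    is_base64 = False

    fields = meta.split(";") if meta else []
    # An explicit media type must look like type/subtype; otherwise the
    # leading field is a parameter and the default media type applies.
    if fields and "/" in fields[0]:
        mime_type = fields[0].strip().lower()
        fields = fields[1:]
    elif fields and fields[0] == "":
        fields = fields[1:]           # the 'data:;base64,...' form

    for field in fields:
        field = field.strip()
        if field.lower() == "base64":
            is_base64 = True
            continue
        name, eq, value = field.partition("=")
        if not eq or not name or not value:
            # The case from the advisory: a parameter name with no value.
            # Report it as input error; do not assert on it.
            raise DataUrlError(f"malformed media-type parameter {field!r}")
        params[name.strip().lower()] = value.strip()

    if mime_type.startswith("text/") and "charset" not in params:
        params["charset"] = "US-ASCII"  # RFC 2397 default charset

    try:
        data = base64.b64decode(payload, validate=True) if is_base64 else unquote_to_bytes(payload)
    except binascii.Error as exc:
        raise DataUrlError(f"invalid base64 payload: {exc}") from exc
    return mime_type, params, data


def is_malformed(url: str) -> bool:
    """True when decode_data_url() rejects the URL."""
    try:
        decode_data_url(url)
    except DataUrlError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs, including the trigger string from the advisory.
    for sample in ("data:,hello", "data:;base64,SGVsbG8=",
                   "data:text/plain;charset=utf-8,hi%20there", "data:charset,"):
        print(sample, "->", "rejected" if is_malformed(sample) else decode_data_url(sample))
```

The important property is that every malformed shape (missing comma, empty parameter value, bad base64) surfaces as the same exception type, so a caller feeding untrusted documents can catch one error rather than relying on a debug build's assertion to notice the problem.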
CVE-2025-3512 Apr 11, 2025
Qt 6.8.0-6.8.4 Heap-based Buffer Overflow in QTextMarkdownImporter There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
Qt
CVE-2025-30348 Mar 21, 2025
Qt QDom encodeText complex algorithm flaw before 6.8.0 encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
Qt
CVE-2023-45872 Oct 09, 2024
Qt 6.6.x/6.3.x DoS via QML Image Assuming SVG An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document.
Qt
CVE-2024-39936 Jul 04, 2024
Qt HTTP2 Early Decision Before Encrypted() (CVE-2024-39936) An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.
Qt
CVE-2024-36048 May 18, 2024
Predictable PRNG Seeding in Qt QAbstractOAuth (pre-5.15.17/6.2.13) QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.
Qt
Qt Network Authorization
CVE-2024-25580 Mar 27, 2024
Qt KTX Buffer Overflow (pre-5.15.17/6.2.12/6.5.5/6.6.2) An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
Qt
CVE-2024-30161 Mar 24, 2024
Qt 6.5.x/6.6.2 QNetworkReply DP Leak in WebAssembly In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
Qt
CVE-2023-51714 Dec 24, 2023
Qt HPACK Integer Overflow HTTP/2 (<5.15.17, <6.2.11, <6.5.4, <6.6.2) An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Qt
CVE-2023-43114 Sep 18, 2023
Qt 5.15.x/6.x GDI Crash via QFontDatabase::addApplicationFont[FromData] An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont[FromData], then it can cause the application to crash because of missing length checks.
Qt
CVE-2023-37369 Aug 20, 2023
Crash in Qt QXmlStreamReader Before 5.15.15/6.2.9/6.5.2 via Crafted XML In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.
Qt
CVE-2021-28025 Aug 11, 2023
Qt qtsvg <=6.2 Integer Overflow DoS (CVE-2021-28025) Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
Qt
CVE-2023-38197 Jul 13, 2023
Qt Rec. Entity Expn. Infinite Loop (v<=5.15.14, 6.x<=6.2.9, 6.3-6.5<=6.5.2) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
Qt
CVE-2023-34410 Jun 05, 2023
Qt TLS Root CA Validation Bypass (fixed in 5.15.15, 6.2.9, 6.5.2) An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.
Qt
CVE-2023-32762 May 28, 2023
Qt Network HSTS Header Parsing Allows Unencrypted Connections (fixed in 5.15.14, 6.2.9, 6.5.1) An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Qt
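The failure CVE-2023-32762 describes is a case-sensitive comparison of a header field name that HTTP defines as case-insensitive (and that HTTP/2 always transmits in lowercase), so the policy is silently dropped and a later plain-HTTP connection is allowed. The Python below is an added illustration, not Qt Network's HSTS code: it looks up Strict-Transport-Security over a constructed response both the wrong way and the right way, and parses the directives per RFC 6797 so a policy is only honoured when it carries a valid max-age. The header sample and the function names are the example's own.

```python
from typing import Dict, List, Optional, Tuple

Headers = List[Tuple[str, str]]

# Constructed response headers (not a captured exchange). HTTP/2 requires
# lowercase field names, so this is exactly the form a case-sensitive
# lookup for "Strict-Transport-Security" fails to see.
SAMPLE_HEADERS: Headers = [
    ("content-type", "text/html; charset=utf-8"),
    ("strict-transport-security", "max-age=31536000; includeSubDomains"),
]


def find_header_exact(headers: Headers, name: str) -> Optional[str]:
    """Case-sensitive lookup: the pattern behind the downgrade described in the entry."""
    for field, value in headers:
        if field == name:
            return value
    return None


def find_header(headers: Headers, name: str) -> Optional[str]:
    """Case-insensitive lookup, as HTTP field-name matching requires."""
    wanted = name.casefold()
    for field, value in headers:
        if field.casefold() == wanted:
            return value
    return None


def parse_hsts(value: str) -> Optional[Dict[str, object]]:
    """Parse an STS field value per RFC 6797; None means 'no usable policy'.

    Directive names are case-insensitive, max-age is mandatory and must be a
    non-negative integer (optionally quoted), a repeated directive invalidates
    the header, and unknown directives are ignored.
    """
    policy: Dict[str, object] = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, raw = directive.partition("=")
        name = name.strip().casefold()
        if name in seen:
            return None
        seen.add(name)
        raw = raw.strip().strip('"')
        if name == "max-age":
            if not raw.isdigit():
                return None
            policy["max_age"] = int(raw)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    if policy["max_age"] is None:
        return None
    return policy


def hsts_policy(headers: Headers, exact_match: bool = False) -> Optional[Dict[str, object]]:
    """The HSTS policy a client should enforce for this response, or None if no valid header was seen."""
    lookup = find_header_exact if exact_match else find_header
    value = lookup(headers, "Strict-Transport-Security")
    return parse_hsts(value) if value is not None else None


if __name__ == "__main__":
    print("exact-match lookup :", hsts_policy(SAMPLE_HEADERS, exact_match=True))
    print("case-insensitive   :", hsts_policy(SAMPLE_HEADERS))
```

With the exact-match lookup the sample response yields no policy at all, which is the outcome the entry describes: the client never records that the host must only be reached over TLS. A max-age of 0 is still a valid policy (it tells the client to forget the host), which is why the parser distinguishes "absent" from "zero".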
CVE-2023-32763 May 28, 2023
Qt Buffer Overflow via SVG Image Pre-5.15.15/6.2.9/6.5.1 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
Qt
CVE-2023-33285 May 22, 2023
Qt QDnsLookup Buffer OverRead in DNS Reply Fixed 5.15.14/6.2.9/6.5.1 An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.
Qt
CVE-2023-32573 May 10, 2023
Qt SVG QSvgFont m_unitsPerEm Init Mishandle Before 5.15.14/6.5.1 In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Qt
CVE-2023-24607 Apr 15, 2023
Qt <=6.4.2 DoS via crafted string in SQL ODBC driver (SQLTCHAR=4) Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
Qt
CVE-2022-40983 Jan 12, 2023
Qt 6.3.2 Reflect API Integer Overflow Enables Code Exec An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Qt
CVE-2022-43591 Jan 12, 2023
Buffer Overflow in QML QtScript Reflect API (Qt 6.3.2) A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Qt
CVE-2021-3481 Aug 22, 2022
Qt QRadialFetchSimd OOB Read in SVG Rendering A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
Qt
CVE-2022-25634 Mar 02, 2022
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
Qt
CVE-2021-45930 Jan 01, 2022
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Qtsvg
CVE-2021-38593 Aug 12, 2021
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
Qt
CVE-2020-24742 Aug 09, 2021
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Qt
CVE-2020-0569 Nov 23, 2020
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
Qt
CVE-2020-0570 Sep 14, 2020
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
Qt
CVE-2020-17507 Aug 12, 2020
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
Qt
CVE-2020-13962 Jun 09, 2020
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)
Qt
CVE-2020-12267 Apr 27, 2020
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.
Qt
CVE-2018-21035 Feb 28, 2020
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
Qt
CVE-2019-18281 Oct 23, 2019
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters.
Qtbase
CVE-2018-19872 Mar 21, 2019
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
Qt
CVE-2018-19871 Dec 26, 2018
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
Qt
CVE-2018-19873 Dec 26, 2018
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Qt
CVE-2018-19870 Dec 26, 2018
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
Qt
CVE-2018-19869 Dec 26, 2018
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
Qt
CVE-2018-15518 Dec 26, 2018
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Qt
CVE-2018-19865 Dec 05, 2018
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
Qt
CVE-2015-8079 Sep 07, 2017
qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.
Qtwebkit
CVE-2015-7298 Oct 26, 2015
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
Qt
CVE-2015-1859 May 12, 2015
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
Qt
CVE-2015-1860 May 12, 2015
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
Qt
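Nearly every entry above is a version-range statement, and the practical question for anyone shipping Qt is which of them cover the build in use. The Python below is an added example, not a stack.watch or Qt tool: it transcribes the ranges from a handful of the entries above exactly as they are worded ("before X" as an exclusive upper bound, "through X" as inclusive) and reports which of those advisories apply to a given version. Two assumptions are the example's own: a lower bound of 5.0.0 for the 5.x line, which the entries do not state, and, for CVE-2025-23050, using the fixed releases the entry names (5.15.19, 6.5.9, 6.8.2) as the exclusive upper bounds of the 5.15, 6.5 and 6.8 branches. The version parser ignores any suffix after the third component.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """'6.8.3' -> (6, 8, 3); missing components are 0; a suffix such as '-rc1' is ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a Qt version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return major, minor, patch


@dataclass(frozen=True)
class VersionRange:
    low: Version            # always inclusive
    high: Version
    high_inclusive: bool    # "through X" -> True, "before X" -> False

    def contains(self, v: Version) -> bool:
        if v < self.low:
            return False
        return v <= self.high if self.high_inclusive else v < self.high


def before(low: str, high: str) -> VersionRange:
    return VersionRange(parse_version(low), parse_version(high), False)


def through(low: str, high: str) -> VersionRange:
    return VersionRange(parse_version(low), parse_version(high), True)


# Affected ranges transcribed from the entries on this page. The 5.0.0 lower
# bounds are this example's assumption (the entries state only upper bounds
# for the 5.x line). For CVE-2025-23050 the fixed releases named in the entry
# serve as the exclusive upper bound of each branch.
ADVISORIES: Dict[str, List[VersionRange]] = {
    "CVE-2025-12385": [through("5.0.0", "6.5.10"), through("6.6.0", "6.8.5"),
                       through("6.9.0", "6.10.0")],
    "CVE-2025-23050": [before("5.0.0", "5.15.19"), before("6.0.0", "6.5.9"),
                       before("6.6.0", "6.8.2")],
    "CVE-2025-5455":  [before("5.0.0", "5.15.19"), before("6.0.0", "6.5.9"),
                       before("6.6.0", "6.8.4"), before("6.9.0", "6.9.1")],
    "CVE-2025-5991":  [through("6.9.0", "6.9.0")],
    "CVE-2024-39936": [before("5.0.0", "5.15.18"), before("6.0.0", "6.2.13"),
                       before("6.3.0", "6.5.7"), before("6.6.0", "6.7.3")],
    "CVE-2023-34410": [before("5.0.0", "5.15.15"), before("6.0.0", "6.2.9"),
                       before("6.3.0", "6.5.2")],
}


def affecting(version: str) -> List[str]:
    """CVE IDs from ADVISORIES whose ranges include the given Qt version, sorted."""
    v = parse_version(version)
    return sorted(cve for cve, ranges in ADVISORIES.items()
                  if any(r.contains(v) for r in ranges))


if __name__ == "__main__":
    for build in ("5.15.19", "6.2.12", "6.5.8", "6.9.0", "6.9.1", "6.10.1"):
        hits = affecting(build)
        print(f"Qt {build}: {', '.join(hits) if hits else 'none of the listed advisories'}")
```

Two things the table of ranges makes visible that the prose hides: a patch release on one branch says nothing about the others (6.9.1 closes CVE-2025-5455 on the 6.9 line while 6.8.3 is still affected), and "through 6.10.0" for CVE-2025-12385 means a 6.10.1 build is outside the stated range, but only a fix announcement, not this listing, confirms that it is actually fixed there.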
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).