Vulnerabilities > Digia > QT > 2.0.2

DATE CVE VULNERABILITY TITLE RISK
2015-05-12 CVE-2015-1860 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.
6.8
2015-05-12 CVE-2015-1859 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.
6.8
2015-05-12 CVE-2015-1858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.
6.8
2015-03-25 CVE-2015-0295 Numeric Errors vulnerability in multiple products
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
network
low complexity
fedoraproject opensuse digia CWE-189
5.0
2012-06-29 CVE-2010-5076 Improper Input Validation vulnerability in multiple products
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
network
digia qt CWE-20
4.3
2010-07-22 CVE-2010-1766 Numeric Errors vulnerability in multiple products
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
network
low complexity
digia webkit CWE-189
7.5
2010-07-02 CVE-2010-2621 Improper Input Validation vulnerability in multiple products
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
network
low complexity
qt digia CWE-20
5.0