usn-8076-1
Vulnerability from osv_ubuntu
It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-13962)
It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-17507)
It was discovered that Qt did not correctly handle executing specific binaries. If a user or automated system were tricked into executing a binary at a specific file path, an attacker could cause a denial of service or execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2022-25255)
It was discovered that Qt did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-51714)
It was discovered that Qt did not correctly handle certain encrypted connections. An attacker could possibly use this issue to leak sensitive information. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-39936)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-17507",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libqt5concurrent5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5core5a",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5dbus5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5gui5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5libqgtk2",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5network5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5opengl5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5printsupport5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5sql5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5sql5-mysql",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5sql5-odbc",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5sql5-psql",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5sql5-sqlite",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5sql5-tds",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5test5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5widgets5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "libqt5xml5",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "qt5-default",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "qt5-qmake",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "qt5-qmake-arm-linux-gnueabihf",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "qtbase5-dev-tools",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "qtbase5-doc-html",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
},
{
"binary_name": "qtbase5-examples",
"binary_version": "5.5.1+dfsg-16ubuntu7.7+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "qtbase-opensource-src",
"purl": "pkg:deb/ubuntu/qtbase-opensource-src@5.5.1+dfsg-16ubuntu7.7+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.5.1+dfsg-16ubuntu7.7+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.4.2+dfsg-2ubuntu9",
"5.5.1+dfsg-6ubuntu4",
"5.5.1+dfsg-10ubuntu2",
"5.5.1+dfsg-13ubuntu1",
"5.5.1+dfsg-13ubuntu2",
"5.5.1+dfsg-13ubuntu3",
"5.5.1+dfsg-14ubuntu1",
"5.5.1+dfsg-14ubuntu2",
"5.5.1+dfsg-14ubuntu3",
"5.5.1+dfsg-15ubuntu1",
"5.5.1+dfsg-16ubuntu1",
"5.5.1+dfsg-16ubuntu6",
"5.5.1+dfsg-16ubuntu7",
"5.5.1+dfsg-16ubuntu7.1",
"5.5.1+dfsg-16ubuntu7.2",
"5.5.1+dfsg-16ubuntu7.5",
"5.5.1+dfsg-16ubuntu7.6",
"5.5.1+dfsg-16ubuntu7.7",
"5.5.1+dfsg-16ubuntu7.7+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-51714",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libqt5concurrent5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5core5a",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5dbus5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5gui5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5network5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5opengl5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5printsupport5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5sql5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5sql5-ibase",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5sql5-mysql",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5sql5-odbc",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5sql5-psql",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5sql5-sqlite",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5sql5-tds",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5test5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5widgets5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "libqt5xml5",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "qt5-default",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "qt5-gtk-platformtheme",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "qt5-qmake",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "qt5-qmake-bin",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "qtbase5-dev-tools",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "qtbase5-doc-html",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
},
{
"binary_name": "qtbase5-examples",
"binary_version": "5.9.5+dfsg-0ubuntu2.6+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "qtbase-opensource-src",
"purl": "pkg:deb/ubuntu/qtbase-opensource-src@5.9.5+dfsg-0ubuntu2.6+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.9.5+dfsg-0ubuntu2.6+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.9.1+dfsg-10ubuntu1",
"5.9.1+dfsg-10ubuntu2",
"5.9.2+dfsg-4ubuntu6",
"5.9.3+dfsg-0ubuntu1",
"5.9.3+dfsg-0ubuntu3",
"5.9.3+dfsg-0ubuntu4",
"5.9.4+dfsg-0ubuntu3",
"5.9.4+dfsg-0ubuntu4",
"5.9.5+dfsg-0ubuntu1",
"5.9.5+dfsg-0ubuntu2",
"5.9.5+dfsg-0ubuntu2.1",
"5.9.5+dfsg-0ubuntu2.3",
"5.9.5+dfsg-0ubuntu2.4",
"5.9.5+dfsg-0ubuntu2.5",
"5.9.5+dfsg-0ubuntu2.6",
"5.9.5+dfsg-0ubuntu2.6+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-13962",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-17507",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-25255",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-51714",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-39936",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libqt5concurrent5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5core5a",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5dbus5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5gui5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5network5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5opengl5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5printsupport5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5sql5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5sql5-ibase",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5sql5-mysql",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5sql5-odbc",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5sql5-psql",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5sql5-sqlite",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5sql5-tds",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5test5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5widgets5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "libqt5xml5",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qt5-default",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qt5-flatpak-platformtheme",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qt5-gtk-platformtheme",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qt5-qmake",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qt5-qmake-bin",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qt5-xdgdesktopportal-platformtheme",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qtbase5-dev-tools",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qtbase5-doc-html",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
},
{
"binary_name": "qtbase5-examples",
"binary_version": "5.12.8+dfsg-0ubuntu2.1+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "qtbase-opensource-src",
"purl": "pkg:deb/ubuntu/qtbase-opensource-src@5.12.8+dfsg-0ubuntu2.1+esm3?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.12.8+dfsg-0ubuntu2.1+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.12.4+dfsg-4ubuntu1",
"5.12.5+dfsg-2",
"5.12.5+dfsg-8",
"5.12.5+dfsg-8build1",
"5.12.5+dfsg-9build1",
"5.12.8+dfsg-0ubuntu1",
"5.12.8+dfsg-0ubuntu2.1",
"5.12.8+dfsg-0ubuntu2.1+esm1",
"5.12.8+dfsg-0ubuntu2.1+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-51714",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-39936",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libqt5concurrent5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5core5a",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5dbus5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5gui5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5network5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5opengl5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5printsupport5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5sql5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5sql5-ibase",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5sql5-mysql",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5sql5-odbc",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5sql5-psql",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5sql5-sqlite",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5sql5-tds",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5test5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5widgets5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "libqt5xml5",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qt5-flatpak-platformtheme",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qt5-gtk-platformtheme",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qt5-qmake",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qt5-qmake-bin",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qt5-xdgdesktopportal-platformtheme",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qtbase5-dev-tools",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qtbase5-doc-html",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
},
{
"binary_name": "qtbase5-examples",
"binary_version": "5.15.3+dfsg-2ubuntu0.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "qtbase-opensource-src",
"purl": "pkg:deb/ubuntu/qtbase-opensource-src@5.15.3+dfsg-2ubuntu0.2+esm3?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.3+dfsg-2ubuntu0.2+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.15.2+dfsg-12",
"5.15.2+dfsg-13",
"5.15.2+dfsg-14",
"5.15.2+dfsg-14ubuntu1",
"5.15.2+dfsg-14ubuntu3",
"5.15.2+dfsg-15",
"5.15.3+dfsg-1",
"5.15.3+dfsg-2",
"5.15.3+dfsg-2ubuntu0.1",
"5.15.3+dfsg-2ubuntu0.2",
"5.15.3+dfsg-2ubuntu0.2+esm1",
"5.15.3+dfsg-2ubuntu0.2+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-39936",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libqt5concurrent5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5core5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5dbus5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5gui5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5network5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5opengl5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5printsupport5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5sql5-ibase",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5sql5-mysql",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5sql5-odbc",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5sql5-psql",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5sql5-sqlite",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5sql5-tds",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5sql5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5test5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5widgets5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "libqt5xml5t64",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "qt5-gtk-platformtheme",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "qt5-qmake",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "qt5-qmake-bin",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "qt5-xdgdesktopportal-platformtheme",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "qtbase5-dev-tools",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "qtbase5-doc-html",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
},
{
"binary_name": "qtbase5-examples",
"binary_version": "5.15.13+dfsg-1ubuntu1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "qtbase-opensource-src",
"purl": "pkg:deb/ubuntu/qtbase-opensource-src@5.15.13+dfsg-1ubuntu1+esm1?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.13+dfsg-1ubuntu1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.15.10+dfsg-3",
"5.15.10+dfsg-5",
"5.15.10+dfsg-5ubuntu1",
"5.15.12+dfsg-1ubuntu1",
"5.15.12+dfsg-3ubuntu1",
"5.15.12+dfsg-3ubuntu6",
"5.15.12+dfsg-3ubuntu7",
"5.15.13+dfsg-1ubuntu1"
]
}
],
"aliases": [],
"details": "It was discovered that Qt did not correctly handle OpenSSL\u0027s error queue.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-13962)\n\nIt was discovered that Qt incorrectly handled certain XBM image files. If a\nuser or automated system were tricked into opening a specially crafted PPM\nfile, a remote attacker could cause Qt to crash, resulting in a denial of\nservice. This issue was only addressed in Ubuntu 16.04 LTS and\nUbuntu 20.04 LTS. (CVE-2020-17507)\n\nIt was discovered that Qt did not correctly handle executing specific\nbinaries. If a user or automated system were tricked into executing a\nbinary at a specific file path, an attacker could cause a denial of\nservice or execute arbitrary code. This issue was only addressed in\nUbuntu 20.04 LTS. (CVE-2022-25255)\n\nIt was discovered that Qt did not correctly handle certain integer\narithmetic. An attacker could possibly use this issue to cause a denial\nof service. This issue was only addressed in Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-51714)\n\nIt was discovered that Qt did not correctly handle certain encrypted\nconnections. An attacker could possibly use this issue to leak sensitive\ninformation. This issue was only addressed in Ubuntu 24.04 LTS.\n(CVE-2024-39936)",
"id": "USN-8076-1",
"modified": "2026-06-25T10:47:32Z",
"published": "2026-03-05T22:53:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8076-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-13962"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-17507"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-25255"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-51714"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-39936"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "qtbase-opensource-src vulnerabilities",
"upstream": [
"UBUNTU-CVE-2020-13962",
"UBUNTU-CVE-2020-17507",
"UBUNTU-CVE-2022-25255",
"UBUNTU-CVE-2023-51714",
"UBUNTU-CVE-2024-39936"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.