Fluid Attacks Database

Description

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	qtdeclarative-opensource-src-gles	=5.15.15+dfsg-2 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.18+dfsg-1	-
debian 14	qtdeclarative-opensource-src-gles	=5.15.15+dfsg-2 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.18+dfsg-1	-
debian 11	qtdeclarative-opensource-src	=5.15.10+dfsg-1 \|\| =5.15.10+dfsg-2 \|\| =5.15.10+dfsg-2+m68k \|\| =5.15.10+dfsg-2+m68k.1 \|\| =5.15.11+dfsg-1 \|\| =5.15.12+dfsg-1 \|\| =5.15.13+dfsg-1 \|\| =5.15.13+dfsg-2 \|\| =5.15.13+dfsg-2+hurd.1 \|\| =5.15.13+dfsg-2+loong64 \|\| =5.15.13+dfsg-2+m68k \|\| =5.15.15+dfsg-1 \|\| =5.15.15+dfsg-2 \|\| =5.15.15+dfsg-2+hurd.1 \|\| =5.15.15+dfsg-3 \|\| =5.15.15+dfsg-3+m68k \|\| =5.15.16+dfsg-1 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.17+dfsg-2+hurd.1 \|\| =5.15.17+dfsg-3 \|\| =5.15.17+dfsg-4 \|\| =5.15.18+dfsg-1 \|\| =5.15.18+dfsg-2 \|\| =5.15.2+dfsg-10 \|\| =5.15.2+dfsg-6 \|\| =5.15.2+dfsg-7 \|\| =5.15.2+dfsg-8 \|\| =5.15.2+dfsg-9 \|\| =5.15.3+dfsg-1 \|\| =5.15.4+dfsg-1 \|\| =5.15.4+dfsg-2 \|\| =5.15.4+dfsg-3 \|\| =5.15.4+dfsg-4 \|\| =5.15.4+dfsg-4+m68k \|\| =5.15.5+dfsg-1 \|\| =5.15.6+dfsg-1 \|\| =5.15.6+dfsg-2 \|\| =5.15.6+dfsg-2+m68k \|\| =5.15.7+dfsg-1 \|\| =5.15.7+dfsg-2 \|\| =5.15.8+dfsg-1 \|\| =5.15.8+dfsg-2 \|\| =5.15.8+dfsg-2+m68k \|\| =5.15.8+dfsg-3 \|\| =5.15.9+dfsg-1	-
debian 12	qtdeclarative-opensource-src	=5.15.10+dfsg-1 \|\| =5.15.10+dfsg-2 \|\| =5.15.10+dfsg-2+m68k \|\| =5.15.10+dfsg-2+m68k.1 \|\| =5.15.11+dfsg-1 \|\| =5.15.12+dfsg-1 \|\| =5.15.13+dfsg-1 \|\| =5.15.13+dfsg-2 \|\| =5.15.13+dfsg-2+hurd.1 \|\| =5.15.13+dfsg-2+loong64 \|\| =5.15.13+dfsg-2+m68k \|\| =5.15.15+dfsg-1 \|\| =5.15.15+dfsg-2 \|\| =5.15.15+dfsg-2+hurd.1 \|\| =5.15.15+dfsg-3 \|\| =5.15.15+dfsg-3+m68k \|\| =5.15.16+dfsg-1 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.17+dfsg-2+hurd.1 \|\| =5.15.17+dfsg-3 \|\| =5.15.17+dfsg-4 \|\| =5.15.18+dfsg-1 \|\| =5.15.18+dfsg-2 \|\| =5.15.8+dfsg-3 \|\| =5.15.9+dfsg-1	-
debian 13	qtdeclarative-opensource-src	=5.15.15+dfsg-3 \|\| =5.15.15+dfsg-3+m68k \|\| =5.15.16+dfsg-1 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.17+dfsg-2+hurd.1 \|\| =5.15.17+dfsg-3 \|\| =5.15.17+dfsg-4 \|\| =5.15.18+dfsg-1 \|\| =5.15.18+dfsg-2	-
debian 14	qtdeclarative-opensource-src	=5.15.15+dfsg-3 \|\| =5.15.15+dfsg-3+m68k \|\| =5.15.16+dfsg-1 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.17+dfsg-2+hurd.1 \|\| =5.15.17+dfsg-3 \|\| =5.15.17+dfsg-4 \|\| =5.15.18+dfsg-1 \|\| =5.15.18+dfsg-2	-
debian 12	qt6-declarative	>=0 <6.4.2+dfsg~rc1-2	6.4.2+dfsg~rc1-2
debian 13	qt6-declarative	>=0 <6.4.2+dfsg~rc1-2	6.4.2+dfsg~rc1-2
debian 14	qt6-declarative	>=0 <6.4.2+dfsg~rc1-2	6.4.2+dfsg~rc1-2
debian 11	qtdeclarative-opensource-src-gles	=5.15.10+dfsg-1 \|\| =5.15.10+dfsg-2 \|\| =5.15.10+dfsg-3 \|\| =5.15.12+dfsg-1 \|\| =5.15.13+dfsg-1 \|\| =5.15.13+dfsg-2 \|\| =5.15.13+dfsg-3 \|\| =5.15.15+dfsg-1 \|\| =5.15.15+dfsg-2 \|\| =5.15.17+dfsg-1 \|\| =5.15.17+dfsg-2 \|\| =5.15.18+dfsg-1 \|\| =5.15.2+dfsg-2 \|\| =5.15.2+dfsg-3 \|\| =5.15.3+dfsg-1 \|\| =5.15.4+dfsg-1 \|\| =5.15.4+dfsg-2 \|\| =5.15.5+dfsg-1 \|\| =5.15.6+dfsg-1 \|\| =5.15.6+dfsg-2 \|\| =5.15.7+dfsg-1 \|\| =5.15.7+dfsg-2 \|\| =5.15.8+dfsg-1 \|\| =5.15.9+dfsg-1	-

1-10 of 11

Aliases

1. CVE-2022-435912. NVD-2022-435913. OSV-DEBIAN-2022-435914. OSV-2022-435915. SECURITY-TRACKER-CVE-2022-43591

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.