CVE-2023-32763

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-32763
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32763.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-32763
Downstream
Related
Published
2023-05-28T00:00:00Z
Modified
2026-05-09T03:38:09.665900Z
Summary
[none]
Details

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32763.json",
    "cna_assigner": "mitre",
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "5.15.15"
                },
                {
                    "introduced": "6.x"
                },
                {
                    "fixed": "6.2.9"
                },
                {
                    "introduced": "6.3.x"
                },
                {
                    "fixed": "6.5.x"
                },
                {
                    "fixed": "6.5.1"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ca725ad9c5331a657c328bf624f2b0b713623276
Introduced
fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17
Fixed
f131837a9fcc83dcfb70a0a91b1baacb6ccf14a2
Introduced
9554d315aa74eaba1726405ee09117e2ebc6111f
Fixed
55aee8697512af105dfefabc1e2ec41d4df1e45e
Database specific 
{
    "cpe": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.15.15"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.2.9"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "fixed": "6.5.1"
        }
    ]
}

Affected versions

v5.*
v5.0.0-beta1
v5.0.0-beta2
v5.15.0-alpha1
v5.15.0-beta1
v5.15.0-beta2
v5.15.0-beta3
v5.15.0-beta4
v5.15.10-lts-lgpl
v5.15.11-lts-lgpl
v5.15.12-lts-lgpl
v5.15.13-lts-lgpl
v5.15.14-lts-lgpl
v5.15.3-lts-lgpl
v5.15.4-lts-lgpl
v5.15.5-lts-lgpl
v5.15.6-lts-lgpl
v5.15.7-lts-lgpl
v5.15.8-lts-lgpl
v5.15.9-lts-lgpl
v6.*
v6.0.0-alpha1
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-beta3
v6.0.0-beta4
v6.0.0-beta5
v6.2.0-alpha1
v6.2.0-beta1
v6.2.0-beta2
v6.2.0-beta3
v6.2.0-beta4
v6.2.5-lts-lgpl
v6.2.6-lts-lgpl
v6.2.7-lts-lgpl
v6.2.8-lts-lgpl
v6.5.0-beta1
v6.5.0-beta2
v6.5.0-beta3

Database specific

vanir_signatures 
[
    {
        "id": "CVE-2023-32763-95a33edc",
        "digest": {
            "line_hashes": [
                "92376634840184399825365318154288351993",
                "232461204609313989120257745717201240216",
                "320708743009817993507337202164167887441",
                "21308290995217884491005044431632010900",
                "298034914405986548572445818450155724325",
                "171355919169060797509597056785544202524",
                "1069687939198931456973687425830032072",
                "3540876834910303010839964264776335282",
                "119893641728366708810635981190240492131",
                "135558535485227323371703831987671565962",
                "218424658944840923178893068857589239342",
                "180130516929332699035191217939835434911",
                "171902681780682419451758795992574159417",
                "194908686061445372061155934280632091709",
                "25828914292029408919762996279289826136",
                "271381063204330631592675759559091485281",
                "188826755362610565145874472998653610620",
                "61181470149620454368846073938918120330",
                "144456116250144122357606448252883560018",
                "210431344564871427713284927923317729215",
                "33720891528493242799779644168988618648",
                "131451878779952217380213242484707842149",
                "163457716009692412014758585930328269677",
                "48972863578760833987644564696874645146"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/qt/qtbase/commit/55aee8697512af105dfefabc1e2ec41d4df1e45e",
        "target": {
            "file": "src/network/kernel/qdnslookup_unix.cpp"
        }
    },
    {
        "id": "CVE-2023-32763-b3d99a5e",
        "digest": {
            "function_hash": "328679296815467547461728943587483981886",
            "length": 7904.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/qt/qtbase/commit/55aee8697512af105dfefabc1e2ec41d4df1e45e",
        "target": {
            "function": "QDnsLookupRunnable::query",
            "file": "src/network/kernel/qdnslookup_unix.cpp"
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32763.json"
vanir_signatures_modified 
"2026-05-09T03:38:09Z"