DEBIAN-CVE-2022-43591
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-43591
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-43591.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-43591
- Upstream
- Published
- 2023-01-12T17:15:09Z
- Modified
- 2025-09-25T23:27:55.152729Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
- References
Affected packages
Debian:11
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.15.2+dfsg-6
5.15.2+dfsg-7
5.15.2+dfsg-8
5.15.2+dfsg-9
5.15.2+dfsg-10
5.15.3+dfsg-1
5.15.4+dfsg-1
5.15.4+dfsg-2
5.15.4+dfsg-3
5.15.4+dfsg-4
5.15.4+dfsg-4+m68k
5.15.5+dfsg-1
5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.6+dfsg-2+m68k
5.15.7+dfsg-1
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.8+dfsg-2
5.15.8+dfsg-2+m68k
5.15.8+dfsg-3
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-2+m68k
5.15.10+dfsg-2+m68k.1
5.15.11+dfsg-1
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-2+hurd.1
5.15.13+dfsg-2+loong64
5.15.13+dfsg-2+m68k
5.15.15+dfsg-1
5.15.15+dfsg-2
5.15.15+dfsg-2+hurd.1
5.15.15+dfsg-3
5.15.15+dfsg-3+m68k
5.15.16+dfsg-1
5.15.17+dfsg-1
5.15.17+dfsg-2
5.15.17+dfsg-2+hurd.1
qtdeclarative-opensource-src-gles
Package
- Name
- qtdeclarative-opensource-src-gles
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src-gles?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.15.2+dfsg-2
5.15.2+dfsg-3
5.15.3+dfsg-1
5.15.4+dfsg-1
5.15.4+dfsg-2
5.15.5+dfsg-1
5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.7+dfsg-1
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-3
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-3
5.15.15+dfsg-1
5.15.15+dfsg-2
5.15.17+dfsg-1
5.15.17+dfsg-2
Debian:12
qt6-declarative
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.15.8+dfsg-3
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-2+m68k
5.15.10+dfsg-2+m68k.1
5.15.11+dfsg-1
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-2+hurd.1
5.15.13+dfsg-2+loong64
5.15.13+dfsg-2+m68k
5.15.15+dfsg-1
5.15.15+dfsg-2
5.15.15+dfsg-2+hurd.1
5.15.15+dfsg-3
5.15.15+dfsg-3+m68k
5.15.16+dfsg-1
5.15.17+dfsg-1
5.15.17+dfsg-2
5.15.17+dfsg-2+hurd.1
qtdeclarative-opensource-src-gles
Package
- Name
- qtdeclarative-opensource-src-gles
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src-gles?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13
qt6-declarative
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
qtdeclarative-opensource-src-gles
Debian:14
qt6-declarative
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected