This can happen if you’ve configured your system library paths in Qt differently from what you intended, or if your system libraries have different configuration settings than system libraries. As a result, a maliciously crafted system library file can be loaded into Qt unexpectedly, potentially compromising user security and integrity. This issue has been resolved in Qt 5.16.

This issue affects all users of Qt 5.14.0 and Qt 5.15.x and earlier. This issue does not affect Qt 5.16.

CVEs: CVE-2018-13077, CVE-2018-13078, CVE-2018-13079, CVE-2018-13080, CVE-2018-13081, CVE-2018-13082, CVE-2018-13083, CVE-2018-13085, CVE-2018-13086, CVE-2018-13087, CVE-2018-13088, CVE-2018-13089, CVE-2018-13090, CVE-2018-13091, CVE-2018-13092, CVE-2018-13093, CVE-2018-13094.

What does this mean for me?

If you are using a Qt version affected by this vulnerability, please update your application to the latest version of Qt.

The issue was fixed in Qt 5.16.

What’s happening?

An update to Qt 5.16 has been released, which resolves the security issue above.
Qt 5.14.1 and earlier are affected by this issue; please upgrade to Qt 5.16.

Vulnerability Information

- CVE ID: CVE-2022-25634
- Issue dates: June 22, 2018
- Fixed in: Qt 5.16

Timeline

Published on: 03/02/2022 15:15:00 UTC
Last modified on: 03/09/2022 19:14:00 UTC

References