CVE-2022-40983
HIGH8.8EPSS 0.84%Published: 1/12/2023Modified: 4/28/2026
Description
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
Affected packages (3)
- Debian/qt6-declarativefrom 0, < 6.4.2+dfsg~rc1-2
- Debian/qtdeclarative-opensource-srcfrom 0
- Debian/qtdeclarative-opensource-src-glesfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |