CVE-2022-43591
HIGH8.8EPSS 1.4%發布日:2023/1/12修改日:2026/4/28
描述
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
受影響套件(3)
- Debian/qt6-declarativefrom 0, < 6.4.2+dfsg~rc1-2
- Debian/qtdeclarative-opensource-srcfrom 0
- Debian/qtdeclarative-opensource-src-glesfrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |