CVE Vulnerabilities

CVE-2022-25255

Published: Feb 16, 2022 | Modified: Feb 28, 2022
CVSS 3.x: 7.8 HIGH | Source: NVD | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 7.2 HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2:
RedHat/V3: 7.8 MODERATE | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.

Affected Software

Name | Vendor | Start Version | End Version
Qt | Qt | 5.9.0 (including) | 5.15.9 (excluding)
Qt | Qt | 6.0.0 (including) | 6.2.4 (excluding)
Red Hat Enterprise Linux 8 | RedHat | qt5-0:5.15.3-1.el8 | *
Red Hat Enterprise Linux 9 | RedHat | qt5-0:5.15.3-1.el9 | *
Qt6-base | Ubuntu | kinetic | *
Qt6-base | Ubuntu | lunar | *
Qt6-base | Ubuntu | mantic | *
Qt6-base | Ubuntu | trusty | *
Qt6-base | Ubuntu | xenial | *
Qtbase-opensource-src | Ubuntu | esm-apps/focal | *
Qtbase-opensource-src | Ubuntu | focal | *
Qtbase-opensource-src | Ubuntu | impish | *
Qtbase-opensource-src | Ubuntu | trusty | *
Qtbase-opensource-src | Ubuntu | upstream | *
Qtbase-opensource-src | Ubuntu | xenial | *

References