CVE-2022-40983

NameCVE-2022-40983
DescriptionAn integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qt6-declarative (PTS)bookworm6.4.2+dfsg-1fixed
sid, trixie6.8.2+dfsg-7fixed
qtdeclarative-opensource-src (PTS)bullseye5.15.2+dfsg-6vulnerable
bookworm5.15.8+dfsg-3vulnerable
sid, trixie5.15.15+dfsg-3vulnerable
qtdeclarative-opensource-src-gles (PTS)bullseye5.15.2+dfsg-2vulnerable
bookworm5.15.8+dfsg-1vulnerable
sid, trixie5.15.15+dfsg-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qt6-declarativesource(unstable)6.4.2+dfsg~rc1-2unimportant
qtdeclarative-opensource-srcsource(unstable)(unfixed)unimportant
qtdeclarative-opensource-src-glessource(unstable)(unfixed)unimportant

Notes

Not considered a security issue, QML only supported from a trusted source
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650
https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos
https://bugreports.qt.io/browse/QTBUG-107619
https://codereview.qt-project.org/c/qt/qtdeclarative/+/437921
Search for package or bug name: Reporting problems