
[USN-8076-1] Qt vulnerabilities

Posted on 06 March 2026
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-8076-1
March 05, 2026

qtbase-opensource-src vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Qt.

Software Description:
- qtbase-opensource-src: Qt 5 libraries

Details:

It was discovered that Qt did not correctly handle OpenSSL's error queue.
An attacker could possibly use this issue to cause a denial of service.
This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-13962)

It was discovered that Qt incorrectly handled certain XBM image files. If a
user or automated system were tricked into opening a specially crafted PPM
file, a remote attacker could cause Qt to crash, resulting in a denial of
service. This issue was only addressed in Ubuntu 16.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-17507)

It was discovered that Qt did not correctly handle executing specific
binaries. If a user or automated system were tricked into executing a
binary at a specific file path, an attacker could cause a denial of
service or execute arbitrary code. This issue was only addressed in
Ubuntu 20.04 LTS. (CVE-2022-25255)

It was discovered that Qt did not correctly handle certain integer
arithmetic. An attacker could possibly use this issue to cause a denial
of service. This issue was only addressed in Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-51714)

It was discovered that Qt did not correctly handle certain encrypted
connections. An attacker could possibly use this issue to leak sensitive
information. This issue was only addressed in Ubuntu 24.04 LTS.
(CVE-2024-39936)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libqt5core5t64 5.15.13+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
libqt5gui5t64 5.15.13+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libqt5core5a 5.15.3+dfsg-2ubuntu0.2+esm3
Available with Ubuntu Pro
libqt5gui5 5.15.3+dfsg-2ubuntu0.2+esm3
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libqt5core5a 5.12.8+dfsg-0ubuntu2.1+esm3
Available with Ubuntu Pro
libqt5gui5 5.12.8+dfsg-0ubuntu2.1+esm3
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libqt5core5a 5.9.5+dfsg-0ubuntu2.6+esm2
Available with Ubuntu Pro
libqt5gui5 5.9.5+dfsg-0ubuntu2.6+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libqt5core5a 5.5.1+dfsg-16ubuntu7.7+esm2
Available with Ubuntu Pro
libqt5gui5 5.5.1+dfsg-16ubuntu7.7+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8076-1
CVE-2020-13962, CVE-2020-17507, CVE-2022-25255, CVE-2023-51714,
CVE-2024-39936
