CVE-2022-25255

Note

introduced by:
https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=28666d167aa8e602c0bea25ebc4d51b55005db13
which seems to have been introduced in Qt 5.10, not 5.9 as the
CVE description suggests.

Package	Release	Status
qt6-base Launchpad, Ubuntu, Debian	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	noble	Needs triage
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	xenial	Ignored (end of standard support)
qtbase-opensource-src Launchpad, Ubuntu, Debian	bionic	Not vulnerable (5.9.5+dfsg-0ubuntu2.6)
	focal	Needed
	impish	Ignored (end of life)
	jammy	Not vulnerable (5.15.3+dfsg-2ubuntu0.2)
	kinetic	Not vulnerable (5.15.6+dfsg-1)
	lunar	Not vulnerable (5.15.8+dfsg-2)
	mantic	Not vulnerable (5.15.8+dfsg-2)
	noble	Not vulnerable (5.15.8+dfsg-2)
	trusty	Ignored (end of standard support)
	upstream	Released (5.15.2+dfsg-15)
	xenial	Not vulnerable

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-25255

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading