CVE-2022-43591

Name of the Vulnerable Software and Affected Versions Qt Project Qt version 6.3.2

Description A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt. A specially-crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.

Recommendations For Qt Project Qt version 6.3.2, consider disabling access to the QML QtScript Reflect API until a patch is available. Restrict access to malicious web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.