Security advisory: FreeType in Qt
There have been three vulnerabilities found in FreeType recently and they have been assigned the CVE ids CVE-2022-27404, CVE-2022-27405, CVE-2022-27406. This has been fixed in the latest version of FreeType – v2.12.1
These effects configurations of Qt that have been built against the bundled version of FreeType. If you are using a pre-built version of Qt then this will be using the bundled version of FreeType by default, otherwise you will be using the system version by default, in which case you should check if the system needs to be updated or not. If the system needs to be updated, then updating it is enough to solve the issue. There is no need to rebuild Qt in that case.
Solution: To work-around it, then update your system version of FreeType to at least v2.12.1 and reconfigure and build Qt to use the system version of FreeType. Or apply the following patch or update to Qt 6.3.2 when it is released.
6.3: https://codereview.qt-project.org/c/qt/qtbase/+/423391 or https://download.qt.io/official_releases/qt/6.3/CVE-2022-27404-27405-27406-qtbase-6.3.diff
6.2: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/423393 or https://download.qt.io/official_releases/qt/6.2/CVE-2022-27404-27405-27406-qtbase-6.2.diff
5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/423394 or https://download.qt.io/official_releases/qt/5.15/CVE-2022-27404-27405-27406-qtbase-5.15.diff
Subscribe to our newsletter
Try Qt 6.4 Now!
Download the latest release here: www.qt.io/download.
Qt 6 is the productivity platform for the future, with next-gen 2D & 3D UX and limitless scalability.
Explore Qt World
Check our Qt demos and case studies in the virtual Qt World
Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.
Näytä tämä julkaisu Instagramissa.
Want to build something for tomorrow, join #QtPeople today! We have loads of cool jobs you don't want to miss! http://qt.io/careers #builtwithQt #software #developers #coding #framework #tool #tooling #C++ #QML #engineers #sales #tech #technology #UI #UX #CX #Qt #Qtdev #global #openpositions #careers #job
Henkilön Qt (@theqtcompany) jakama julkaisu