Emma Reuter and Theo Morales of ASIG and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities.
Cisco ASIG and Cisco Talos recently discovered code execution vulnerabilities in QT QML.
Qt is a popular software suite primarily used to create graphical user interfaces. It also contains several supporting libraries which all aim to enable cross-platform application development with a unified programming API.
This advisory concerns:
Secondarily, TALOS-2022-1650 (CVE-2022-43591) can involve an out-of-bounds memory access, leading to arbitrary code execution.
Cisco Talos believes these are potential security issues and notified QT of the issues all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update this affected product as soon as possible: Qt Project Qt 6.3.2. Talos tested and confirmed this version of QT could be exploited by this vulnerability.
The following Snort rules will detect exploitation attempts against this vulnerability: 60690-60691 and 60912-60913. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.