Flaw in Qt's GDI Font Engine Leading to Application Crashes on Windows
CVE-2023-43114
5.5MEDIUM
What is CVE-2023-43114?
A vulnerability exists in the Qt framework's handling of corrupted fonts when utilizing the GDI font engine on Windows. It occurs in versions prior to 5.15.16 and in various 6.x versions, specifically through 6.5.x before 6.5.3. When a corrupted font is added using QFontDatabase::addApplicationFontFromData, the absence of adequate length checks can lead to severe application crashes. This flaw emphasizes the need for careful font management within applications utilizing the Qt framework.
