March 04, 2022 by Andy Shaw
Recently, the Qt Project's security team was made aware of an issue regarding Qt's usage of LoadLibrary in a few locations and determined it to be a security issue on Windows only.
Specifically, the problem arises when LoadLibrary is used to load a system library, such as opengl.dll, since these are expected to be located inside the system Windows directory. However, LoadLibrary will first search the current working directory for a DLL with the same name, and as a result it can end up trying to load that one instead of the correct one. This means that it can invoke the Preload routine of that DLL before trying to load the symbols needed by the caller.
This can be worked around in any application by calling:
SetSearchPathMode(BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE | BASE_SEARCH_PATH_PERMANENT);
before creating the Q[Core|Gui]Application object. Any calls to LoadLibrary will then only check the current working directory after the other paths have been searched, which should suffice to prevent the problem.
Patches for the currently supported versions of Qt can be found here:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/396440
Qt 6.2: https://codereview.qt-project.org/c/qt/qtbase/+/396689 or https://download.qt.io/official_releases/qt/6.2/CVE-2022-25643-6.2.diff
Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690 or https://download.qt.io/official_releases/qt/5.15/CVE-2022-25643-5.15.diff
The official CVE report for this can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25634
Update: It has been reported that the workaround does not always work, so it is recommended to see: https://support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1 for further options in that respect.
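An added example (not code from Qt or from this post): it wraps the workaround call in a helper to run before the Q[Core|Gui]Application object is created, and goes beyond it with two further Windows API measures, SetDllDirectoryW(L"") and loading a system library by absolute path taken from GetSystemDirectoryW. The helper names and the opengl32.dll library name are assumptions made for illustration.

```cpp
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Build "<systemDir>\<name>". A name carrying a separator or drive colon is
// rejected so the result can never point outside the system directory.
std::wstring systemDllPath(const std::wstring &systemDir, const std::wstring &name)
{
    if (systemDir.empty() || name.empty()
        || name.find_first_of(L"\\/:") != std::wstring::npos)
        return std::wstring();
    std::wstring path = systemDir;
    if (path.back() != L'\\')
        path += L'\\';
    return path + name;
}

#ifdef _WIN32
// The advisory's workaround, plus SetDllDirectoryW(L""), which removes the
// current directory from the default DLL search order. Call this first in
// main(), before the Q[Core|Gui]Application object is created.
bool hardenLibrarySearch()
{
    BOOL mode = SetSearchPathMode(BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE
                                  | BASE_SEARCH_PATH_PERMANENT);
    BOOL cwd = SetDllDirectoryW(L"");
    return mode && cwd;
}

// Load a system library by absolute path, so no directory search happens.
HMODULE loadSystemLibrary(const std::wstring &name)
{
    wchar_t dir[MAX_PATH];
    UINT len = GetSystemDirectoryW(dir, MAX_PATH);
    if (len == 0 || len >= MAX_PATH)
        return nullptr;
    std::wstring path = systemDllPath(std::wstring(dir, len), name);
    return path.empty() ? nullptr : LoadLibraryW(path.c_str());
}

int main()
{
    if (!hardenLibrarySearch())
        return 1;
    HMODULE gl = loadSystemLibrary(L"opengl32.dll"); // assumed library name
    return gl ? 0 : 2;
}
#endif
```

The Windows-only parts are guarded by `_WIN32`; the path-building helper is portable and can be unit-tested on any platform.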