Cross-platform software libraries and APIs
Qt Creator IDE and productivity tools
UI Design tool for UI composition
GUI test automation
Code coverage analysis
Test results management and analysis
Software static code analysis
Software architecture verification
The latest version of Qt.
Make the most of Qt tools, with options for commercial licensing, subscriptions, or open-source.
Explore Qt features, the Framework essentials, modules, tools & add-ons.
The project offers PySide6 - the official Python bindings that enhance Python applications.
Qt empowers productivity across the entire product development lifecycle, from UI design and software development to quality assurance and deployment. Find the solution that best suits your needs.
Insight into the evolution and importance of user-centric trends and strategies.
Learn how to shorten development times, improve user experience, and deploy anywhere.
Tips on efficient development, software architecture, and boosting team happiness.
Get the latest resources, check out upcoming events, and see who’s innovating with Qt.
Whether you're a beginner or a seasoned Qt pro, we have all the help and support you need to succeed.
June 01, 2023 by Andy Shaw | Comments
A recent buffer overflow issue in Qt Network has been reported and has been assigned the CVE id CVE-2023-33285.
QDnsLookup may read outside the bounds of the buffer it allocated to receive the DNS reply with certain, specially crafted replies that violate the DNS protocol.
QDnsLookup only parses DNS replies as a result of a DNS query initiated by the user application, explicitly with this class. This class is usually used by applications that specifically need support for DNS records, such as obtaining an MX for email delivery, and is not used in normal domain name resolution. It is currently not used by any other class in Qt.
To exploit this, the attacker must obtain a valid DNS query and must reply from the correct IP address of the server queried (usually, by controlling the DNS server used by the victim system, such as in a public WiFi scenario).
Attacks from further remote locations may be possible, but intermediary DNS servers may reject this malformed answer and not propagate it.
This only affects Unix based platforms, Windows is not affected at all.
Solution: Apply the following patch or update to Qt 5.15.14, Qt 6.2.9 or Qt 6.5.1
Patches:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/477644
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/477704 or https://download.qt.io/official_releases/qt/6.5/CVE-2023-33285-qtbase-6.5.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2023-33285-qtbase-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2023-33285-qtbase-5.15.diff
Download the latest release here: www.qt.io/download.
Qt 6.8 release focuses on technology trends like spatial computing & XR, complex data visualization in 2D & 3D, and ARM-based development for desktop.
Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.
Oct 8, 2024
We are thrilled to announce the release of Qt 6.8, packed with support for..
Sep 20, 2024
Qt Gradle Plugin 1.0 (QtGP) build tool has been released. You can include..
Sep 16, 2024
We are happy to announce the release of Qt Tools for Android Studio 3.0...
Qt Group includes The Qt Company Oy and its global subsidiaries and affiliates.