{"id":"CVE-2017-10904","details":"Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.","modified":"2026-04-11T04:47:18.580670Z","published":"2017-12-16T02:29:07.183Z","references":[{"type":"REPORT","url":"https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/"},{"type":"REPORT","url":"https://jvn.jp/en/jp/JVN67389262/index.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"0"},{"fixed":"f6b36eaafec24b4c67efff621d380a4ca4257d0b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.9.0"}]}}],"versions":["v5.0.0-beta1","v5.0.0-beta2","v5.9.0-alpha1","v5.9.0-beta1","v5.9.0-beta2","v5.9.0-beta3","v5.9.0-beta4","v5.9.0-rc1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:47:18Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-10904.json","vanir_signatures":[{"deprecated":false,"source":"https://github.com/qt/qtbase/commit/f6b36eaafec24b4c67efff621d380a4ca4257d0b","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"164352870239466284880525203474079562082","length":2630},"id":"CVE-2017-10904-2c6fffb2","target":{"file":"src/widgets/itemviews/qheaderview.cpp","function":"QHeaderViewPrivate::read"}},{"deprecated":false,"source":"https://github.com/qt/qtbase/commit/f6b36eaafec24b4c67efff621d380a4ca4257d0b","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["164074333214652703344207342332719907309","132579726673860302426051946963971335183","8461509609109902108736346206679050087","313808976597623905058695953159288432089","151413344751434080756681595462594734904","58473402307005855852222042282860790836"]},"id":"CVE-2017-10904-3c44bcf1","target":{"file":"src/widgets/itemviews/qheaderview.cpp"}},{"deprecated":false,"source":"https://github.com/qt/qtbase/commit/f6b36eaafec24b4c67efff621d380a4ca4257d0b","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["76542030488451093116205964448917534261","330540106202239942306734099365755131535","6476227822993667084215093913601677116","120361044892460261233976746848401549366","254638331563350843347710057579032493473","28401838328222708884847710550912996550","82845077507913743721139799057307378519","218797872561187179798393419369950502769"]},"id":"CVE-2017-10904-7c6eb266","target":{"file":"tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp"}},{"deprecated":false,"source":"https://github.com/qt/qtbase/commit/f6b36eaafec24b4c67efff621d380a4ca4257d0b","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"90769596104713334155070960973252800177","length":793},"id":"CVE-2017-10904-d1cfa2dc","target":{"file":"tests/auto/widgets/itemviews/qheaderview/tst_qheaderview.cpp","function":"tst_QHeaderView::restoreToMoreColumns"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}