{"id":"CVE-2022-40983","details":"An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.","modified":"2026-04-10T04:51:02.639015Z","published":"2023-01-12T17:15:09.407Z","references":[{"type":"WEB","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1617"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"0"},{"last_affected":"12dc1dc09d73f5400e1e77181749793885ed9ffc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.3.2"}]}}],"versions":["v5.0.0-beta1","v5.0.0-beta2","v6.0.0-alpha1","v6.0.0-beta1","v6.0.0-beta2","v6.0.0-beta3","v6.0.0-beta4","v6.0.0-beta5","v6.3.0-alpha1","v6.3.0-beta1","v6.3.0-beta2","v6.3.0-beta3","v6.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40983.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}