{"id":"CVE-2022-43591","details":"A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.","modified":"2026-02-19T01:39:07.244136Z","published":"2023-01-12T17:15:09.523Z","references":[{"type":"WEB","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650"},{"type":"ADVISORY","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"0"},{"last_affected":"12dc1dc09d73f5400e1e77181749793885ed9ffc"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43591.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}