{"id":"CVE-2022-25255","details":"In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.","modified":"2026-04-11T17:20:10.699157Z","published":"2022-02-16T19:15:09.300Z","related":["ALSA-2022:7482","ALSA-2022:8022","SUSE-SU-2022:0841-1","openSUSE-SU-2022:0841-1","openSUSE-SU-2024:11879-1","openSUSE-SU-2024:11886-1","openSUSE-SU-2024:11974-1"],"references":[{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/393113"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/394914"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/396020"},{"type":"FIX","url":"https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff"},{"type":"FIX","url":"https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"f6b36eaafec24b4c67efff621d380a4ca4257d0b"},{"fixed":"42e4ae042a4c86e58bcb8b6d2d59ba4a988285b4"},{"introduced":"fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17"},{"fixed":"d3b5353380797f3b67599ccebc5dc916057681e5"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"5.9.0"},{"fixed":"5.15.9"},{"introduced":"6.0.0"},{"fixed":"6.2.4"}],"cpe":"cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25255.json","vanir_signatures":[{"deprecated":false,"target":{"function":"sqlite3_test_control","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":4986,"function_hash":"290480917781266093386700747030206342773"},"signature_type":"Function","id":"CVE-2022-25255-0a52c1ca"},{"deprecated":false,"target":{"function":"fts5SegIterReverseNewPage","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1082,"function_hash":"113964827741888369651996994728788579571"},"signature_type":"Function","id":"CVE-2022-25255-0b6cb97f"},{"deprecated":false,"target":{"function":"fts5SourceIdFunc","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":271,"function_hash":"282048321341062344884369198257082701573"},"signature_type":"Function","id":"CVE-2022-25255-16b11573"},{"deprecated":false,"target":{"function":"editPage","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":2673,"function_hash":"257392378014740512034012466478398164000"},"signature_type":"Function","id":"CVE-2022-25255-1b86f951"},{"deprecated":false,"target":{"function":"sqlite3_limit","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1476,"function_hash":"274354454356201929533696110296678867022"},"signature_type":"Function","id":"CVE-2022-25255-26f5820d"},{"deprecated":false,"target":{"function":"rebuildPage","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1699,"function_hash":"6454910378742267503908590898448420519"},"signature_type":"Function","id":"CVE-2022-25255-36921452"},{"deprecated":false,"target":{"file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["328105333883462334465864689439606789268","199070197837573109235156897693055841300","254229894017524972120709405948172853767","117289713787236159983045952722556725477","276468428333054721604799844815118293431","152342764068737230099600558937141980947","154027470681568053094178370070038066664","51354029215623357347390278312336653141","200616265419620641252183757046787064925","319195830498579364145177966469631901050","199453932708772242255957495691215049039","116854337229771682025326562233491078423","270808937725947848172910559648188963218","105103079756851134129746919032043100142","267704964471845926284975162288928681105","272069013754759012802578990541666290623","244404662251732831734493501760856755645","338434843950834723849986513960206538636","179773663736416973154187846477167406838","272219605551200679492872779134634204111","275929319802020090619399478292980588306","307912456549914647289644192342538447742","5712406742303581094605816363063715816","70911745891439714600744839760716327029","83039443645296847494235858008349602950","149319226248018686457661624277869398562","247289234607968576532420247041143143726","305853101545366312961079028757358667842","116236947420733988185201727085854546074","303996788314772250159225861951624176585","289899445694137927255204450423103434784","305853101545366312961079028757358667842","116236947420733988185201727085854546074","303996788314772250159225861951624176585","289899445694137927255204450423103434784","103555194787576097827405968323423890922","213570534692903792153484605770005051468","36351026909857232621292980232342558942","273585284670313812139674090798000424170","28170365651474689993347686995352140085","47555963498976478245605584046543027943","134205045960197015856960550706212451210","335230013474784178611726373202453827434","56218654322705829383281940990363544791","235851866492829800171057668183542314657","213459604968766443084009844694069645920","221574709865765541226533302440402185667","83244564030400769248205265057478556461","183630714473359623525534717600609875351","333337763089204064043372374180335019341","212183396784585957114987090265926105745","121275179812921592052441300732080709043","179731838894753654680691408533386880074","238566701472039904983226640463843867708","40706697767531827821673721284069147731","178956039792846152461002842744699843897","101957778405107096931454124277712590508","138793487250985293618660066421832034696","65058159098856945126823335249049668055","60285806044243174401773559504803731036","233882512566123393058695372125305942683","42512111514854943322286541437931272314","303093527476412488736657705154922425845","156354565926582454733731446366199780416","16147966257990433913017848830650705964","55929650272779057465598952968315333049","108553987166136837161341757486775028818","116303384017450119898463569910324214773","117556244396878497958325741997039345367","172587158713583500542289747871638944083","19903302330929891422639688255117225976","61276767945518975147185191875074187694","242304074178469229676069689698273355222","179057270394079690908534398584754810891","202251252098546509614944475666170450016","90082487720823219019719346287572879342","210951212196096802515825644744271149499","300319488451192322073902299094867807719","339511087677807099714340801041796336519","273308426491122460398096666069357240322","232047370075439249709258092905638383605","107577493108447571820176667136716153385","53667146614055883969240874693432007792","186722482965297538991695369010594257767","246373663854377914741175911235431732520","231808113176792268606802216211015185666","199858826735677824773907082638391658396","91579291507279307623680827203938777560","229664176020318676004035785191773104719","110275693291491870875240615132507857419","271037752485032541235581172146507695590","239920889620077674813367717324478300992","94769568459785061612440894126133088376","118189939367984743071870064525312503130","205478544371203038704717297836773366731","5823837755546854842780770709174621882","54246202877623949524329728179901860325","308674645992574256878922945585555357099","281693577313787181295760434554185483591","298010853305913230631822415097689884033","167783844460774361115674166670271680984","231789849255552682556111078300553035178","98708345006790825319135747808256518590","121281494226103688043646616017314115187","66741336829817790124000498212826758334","14671032196084717672696020844921894530","17806053842606218297572921290563307938","233939114199635880001006842615867326548","11312314360243886383482973090741331839","46731662132159195650749575521690211466","134319525000770249000566879690661538400","102461110938106351853169727650574254382","20278402035812011994331961478323138393","275873623571652146912207377821921809865","309248654920056686181478152357979743770","207176041892134731962330806763132706941","40710414946010526028519254692313103125","173105202426789082340742375416797671644","104630501048782916093918259011669340459","165215536374357048279777467419939789732","26042044495229171743375182183111991534","270944459789074855874315299217830696534","138322591241742956630083092474151822298","258640600893772663295370090636033859347","329606116063716629152188308288567476950","144838103321631140138946030446913336399","36702039518401316585889242045298456428","324638286479773104580559409758574895460","327849341984108445458499698941329760664","250145830990025820422420714195794338706","318778517555839094662739770165253604376","57887929998350476088158114132379035664","54578169930322541971227876440352069214","123176147082740814667691858074278915348","49981568446095644151566831805299336224","102644749630683932396767523271358514049","288858394398349348631554885343005295238","68417344484071519553204182700860750004","331603644063809050161957510468704855040","310637227142598230331941637547316152401","104545152089524721911920321859781881990","115143229948986054359144489955922954451","77439765078110735973872548442000933382","225792826776792345974756752315528522962","252961325913765869579294159040952688429","233377269841604316750482159322347485993","263991699236663762721587816062521319685","197623031355586912375511413530085994177","286312076450600691630188204266321476223","324839908907804668110555361562159860496","124505147070300541936243368074578142750","266763676522607670048399072652676575145","87669569374495620909759106292195983504","221201841598030193117392078854931013328","325500184104359687558462881037064205977","210237844444037638524425587663634334438","117821355142055054362703552842009948099","304469081807534440370666313134996815699","137341096756467439425024946765254923916","120539820474335846877507631856084501500","269743390675943094724215222484721316214","220606219529388766758897309162648102348","293080734671419324610532701918585736257","127480377038408930519631176823424383161"]},"signature_type":"Line","id":"CVE-2022-25255-432a1047"},{"deprecated":false,"target":{"function":"sqlite3VdbeExec","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":122610,"function_hash":"21964197705544762370756374725627018075"},"signature_type":"Function","id":"CVE-2022-25255-4ce60bb4"},{"deprecated":false,"target":{"function":"sqlite3OpenTable","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":758,"function_hash":"75781069273761686614742338901794612345"},"signature_type":"Function","id":"CVE-2022-25255-5d0b0371"},{"deprecated":false,"target":{"function":"sqlite3VdbeIdxRowid","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1368,"function_hash":"273214714596142763638781658855225726030"},"signature_type":"Function","id":"CVE-2022-25255-5fb60c06"},{"deprecated":false,"target":{"function":"sqlite3Prepare","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":2515,"function_hash":"285730137601710961918722720946365000462"},"signature_type":"Function","id":"CVE-2022-25255-6d6a127c"},{"deprecated":false,"target":{"function":"sqlite3PagerSharedLock","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":3027,"function_hash":"58628229792063633970168828837819601996"},"signature_type":"Function","id":"CVE-2022-25255-7b2106b9"},{"deprecated":false,"target":{"function":"sqlite3BtreeDelete","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":3412,"function_hash":"336482534851203686618121026763987236839"},"signature_type":"Function","id":"CVE-2022-25255-7ea8d5b2"},{"deprecated":false,"target":{"function":"codeReturningTrigger","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1670,"function_hash":"209106284873140804186643861517371843971"},"signature_type":"Function","id":"CVE-2022-25255-81cd1d91"},{"deprecated":false,"target":{"function":"sqlite3GenerateConstraintChecks","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":14679,"function_hash":"295247940624723926524997066356763398029"},"signature_type":"Function","id":"CVE-2022-25255-83249e70"},{"deprecated":false,"target":{"function":"cellSizePtr","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1005,"function_hash":"279354866571267647574774061947989951512"},"signature_type":"Function","id":"CVE-2022-25255-849a0d85"},{"deprecated":false,"target":{"function":"sqlite3ExprCanBeNull","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":645,"function_hash":"290819630192527207054708821483977611880"},"signature_type":"Function","id":"CVE-2022-25255-8d848f08"},{"deprecated":false,"target":{"function":"btreeSetNPage","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":245,"function_hash":"280109815179834694787762292275457066513"},"signature_type":"Function","id":"CVE-2022-25255-8d976e8c"},{"deprecated":false,"target":{"function":"sqlite3CompleteInsertion","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1576,"function_hash":"207641422125501463203150752590836872235"},"signature_type":"Function","id":"CVE-2022-25255-917b1cb2"},{"deprecated":false,"target":{"function":"memjrnlTruncate","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":696,"function_hash":"53673865192853931145739722921988470746"},"signature_type":"Function","id":"CVE-2022-25255-917e6522"},{"deprecated":false,"target":{"function":"sqlite3LockAndPrepare","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":827,"function_hash":"319219063276714905852597520615832161354"},"signature_type":"Function","id":"CVE-2022-25255-997697d9"},{"deprecated":false,"target":{"function":"btreeParseCellPtrIndex","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":833,"function_hash":"196796352310910014605016784850328588325"},"signature_type":"Function","id":"CVE-2022-25255-99b7516c"},{"deprecated":false,"target":{"function":"assertTruncateConstraintCb","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":169,"function_hash":"334088308778503223473834570012281543720"},"signature_type":"Function","id":"CVE-2022-25255-dcc7141c"},{"deprecated":false,"target":{"function":"btreeParseCellPtr","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1115,"function_hash":"12860222483232787261756121933997023666"},"signature_type":"Function","id":"CVE-2022-25255-e360a0da"},{"deprecated":false,"target":{"function":"dropCell","file":"src/3rdparty/sqlite/sqlite3.c"},"source":"https://github.com/qt/qtbase/commit/d3b5353380797f3b67599ccebc5dc916057681e5","signature_version":"v1","digest":{"length":1237,"function_hash":"247127932928978640591288261639013617651"},"signature_type":"Function","id":"CVE-2022-25255-f65fc9fd"}],"vanir_signatures_modified":"2026-04-11T17:20:10Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}