{"id":"UBUNTU-CVE-2022-25634","details":"Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.","modified":"2025-10-24T04:53:32Z","published":"2022-03-02T15:15:00Z","upstream":["CVE-2022-25634"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-25634"},{"type":"REPORT","url":"https://codereview.qt-project.org/c/qt/qtbase/+/396689"},{"type":"REPORT","url":"https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/396690"},{"type":"REPORT","url":"https://codereview.qt-project.org/c/qt/qtbase/+/396440"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-25634"}],"affected":[{"package":{"name":"qtbase-opensource-src-gles","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/qtbase-opensource-src-gles@5.5.1+dfsg-16ubuntu6?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.4.2+dfsg-2ubuntu9","5.5.1+dfsg-6ubuntu1","5.5.1+dfsg-10ubuntu1","5.5.1+dfsg-13ubuntu1","5.5.1+dfsg-13ubuntu2","5.5.1+dfsg-13ubuntu3","5.5.1+dfsg-14ubuntu1","5.5.1+dfsg-14ubuntu2","5.5.1+dfsg-14ubuntu3","5.5.1+dfsg-15ubuntu1","5.5.1+dfsg-16ubuntu1","5.5.1+dfsg-16ubuntu4","5.5.1+dfsg-16ubuntu5","5.5.1+dfsg-16ubuntu6"],"ecosystem_specific":{"binaries":[{"binary_version":"5.5.1+dfsg-16ubuntu6","binary_name":"libqt5gui5-gles"},{"binary_version":"5.5.1+dfsg-16ubuntu6","binary_name":"libqt5opengl5-gles"},{"binary_version":"5.5.1+dfsg-16ubuntu6","binary_name":"libqt5opengl5-gles-dev"},{"binary_version":"5.5.1+dfsg-16ubuntu6","binary_name":"qt5-qmake-gles"},{"binary_version":"5.5.1+dfsg-16ubuntu6","binary_name":"qtbase5-gles-dev"},{"binary_version":"5.5.1+dfsg-16ubuntu6","binary_name":"qtbase5-private-gles-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-25634.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}