Qt 5.6 contains security vulnerabilities
torusrxxx opened this issue · comments
Torusrxxx commented
As I was investigating and patching CVE-2023-4863 in another project, I also found Qt 5.6 used by x64dbg needs to be patched as well. More information is available at https://www.qt.io/blog/two-qt-security-advisorys-gdi-font-engine-webp-image-format
Duncan Ogilvie commented
I don't think these patches are relevant for x64dbg, considering a user needs to add a corrupt font and no WebP is being rendered. Security issues would be relevant if opening/running an executable would trigger a crash or code execution in the x64dbg process.