CVE-2024-39936
- Source
- https://cve.org/CVERecord?id=CVE-2024-39936
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39936.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-39936
- Downstream
- Related
- Published
- 2024-07-04T21:15:10.180Z
- Modified
- 2026-02-11T02:01:27.888701Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
- References
Affected packages
Git / github.com/qt/qt5
Git / github.com/qt/qtbase
Affected ranges
- Type
- GIT
- Repo
- https://github.com/qt/qtbase
- Events
-
FixedIntroducedFixedIntroducedFixedIntroducedFixed
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39936.json"
vanir_signatures
[
{
"id": "CVE-2024-39936-2e029142",
"signature_type": "Function",
"digest": {
"function_hash": "297594887767442272234953710013872217385",
"length": 3602.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "_jpeg_skip_scanlines",
"file": "src/3rdparty/libjpeg/src/jdapistd.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-30bb05b4",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"238812358178134258348402339491393942744",
"65021909418872283462016070950310730604",
"281859048662224521985812577235565326302",
"286842166552504723994853808858585427421",
"105989373357661859489910015817648890689",
"248717183327682656008043478815848377899",
"262880095834214793998682684906262431669",
"150635852381833268752458734701239366211",
"70896513694721530951139813582053314188"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jdapistd.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-4bd5b552",
"signature_type": "Function",
"digest": {
"function_hash": "171666054930286118321257300496342823173",
"length": 1716.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "encode_mcu_AC_first",
"file": "src/3rdparty/libjpeg/src/jcphuff.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-6a913096",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"282271705919220662797317301953562217210",
"26354801347968419450462874614737305076",
"121448180855004584010038074524035003838",
"171877027560841729265860058532867137992",
"150037881264369561876825616417169450961",
"300181338973449275970315300801237141492",
"220502051796372030677109761646319934852",
"171877027560841729265860058532867137992",
"319836103987847772261625489613057113856"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jmemnobs.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-7e2649bc",
"signature_type": "Function",
"digest": {
"function_hash": "225691331049317106882581261176048708909",
"length": 1873.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "save_marker",
"file": "src/3rdparty/libjpeg/src/jdmarker.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-7e26a850",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"86891332643807965807444811923206745291",
"170019315699302020184204478133416483597",
"317909979623887872167233895087085373461"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jchuff.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-7f3ddb5f",
"signature_type": "Function",
"digest": {
"function_hash": "120629277169633982242690646483688813814",
"length": 2438.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "_jpeg_crop_scanline",
"file": "src/3rdparty/libjpeg/src/jdapistd.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-95c4ff74",
"signature_type": "Function",
"digest": {
"function_hash": "174590571016291036914804854964422047859",
"length": 1847.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "encode_mcu_AC_refine",
"file": "src/3rdparty/libjpeg/src/jcphuff.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-a7fa1a05",
"signature_type": "Function",
"digest": {
"function_hash": "310957850098035546516130821996946822070",
"length": 1771.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "get_sof",
"file": "src/3rdparty/libjpeg/src/jdmarker.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-aff347fb",
"signature_type": "Function",
"digest": {
"function_hash": "126253469987247160605116429180815017523",
"length": 364.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "jpeg_abort",
"file": "src/3rdparty/libjpeg/src/jcomapi.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-b7328db0",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"75455869277611418914614959630974876406",
"243175196749763967234642741750043613100",
"21710536031753962687661373946722612882",
"98169982617924137934735667447262952962",
"247133728735013742670172731908185260225",
"5702256517840662419395978215990308436",
"147658319126284880460410923713024667270",
"328667933812664049325355441762668269728"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jpegint.h"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-c2f925de",
"signature_type": "Function",
"digest": {
"function_hash": "116792800950565794731693741766954361280",
"length": 1686.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "jinit_c_master_control",
"file": "src/3rdparty/libjpeg/src/jcmaster.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-c3b79787",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"155181600771589220044399818623914628812",
"175522640684176832842224937218734827512",
"11199357094457896743020596337394234841",
"325633496200158301648971895592423869978"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jcparam.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-cc3913da",
"signature_type": "Function",
"digest": {
"function_hash": "242105973936000741376676343751265081177",
"length": 250.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "encode_one_block_simd",
"file": "src/3rdparty/libjpeg/src/jchuff.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-cd4e58be",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"302884232758301730968022407404771432158",
"49317775225756221646264614877824123176",
"45589192693632696636085060402579746071",
"35384128077787820148826174798084727981",
"97988047487540332933963559917935396560",
"253186434447164529744763168940616558059",
"105122674525832142031539380152109635528",
"198193026461570310569226057442411103761",
"141222646611143444325146619650731631046",
"129705008597883571547080687423427338032",
"163067573093291491736463742390665117724",
"116662240200564630782194742891620402565",
"301429435530148583368016762475045066108",
"319392501251850572031089376699083262275",
"128517556116934408925292649810112310831",
"154897486283229669533782148258761294483",
"181296038309001628089732708770686442373",
"529331994227905293330925025857890284",
"172408687813032237706757868563829142167"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jdmarker.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-dd034bbd",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"333269402802645106063316925667459722265",
"102742791048883488537179219822252552469",
"14423033516855330476893821920008694249",
"187738562626945295431325883379031742778",
"61954048364348906084719228146943859077",
"223689068946411398329986270536965467576",
"108355238396913764791620047959811961483",
"173000129412825813869459143952277512875",
"194926026220282121577396968966033378919",
"196098982761775612093659041087098055009",
"64845845534642826960635715080887602682",
"299840145278724710675411461908022439575",
"86923588557925156047558937764899305064",
"256830621984917240702187173136627878623",
"263232712996669396383161278143423543938",
"288036106132651775767668184853843089932",
"126156336885997469148969269204512900849"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jcmaster.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-e446de86",
"signature_type": "Function",
"digest": {
"function_hash": "8667423670976454694850310049638336778",
"length": 1286.0
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"function": "jpeg_set_defaults",
"file": "src/3rdparty/libjpeg/src/jcparam.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-e8047157",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"205732786092169560953190835866449909816",
"157068406392521283438239908625514759915",
"95591474764287435303817237325523574084",
"148253672425901493956109828592924006982",
"33395593745310535341403424012224345905"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jcomapi.c"
},
"deprecated": false
},
{
"id": "CVE-2024-39936-f27572c1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"235840524353470660703021357099231911180",
"96125709060957891697661255107417909062",
"1696369940499669501010694837610410559",
"118012788675233929237317989210792820590",
"181329525160450290875915559275620971127",
"218918902511246631684401247401875122747"
]
},
"signature_version": "v1",
"source": "https://github.com/qt/qtbase/commit/92b685784960eea6eb353688cf0edeb94d69c6cd",
"target": {
"file": "src/3rdparty/libjpeg/src/jcphuff.c"
},
"deprecated": false
}
]