CVE-2025-5683
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-10-15
Assigner: TQtC
Description
Description
When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash.Β This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qt | qt | From 6.3.0 (inc) to 6.5.10 (exc) |
| qt | qt | From 6.6.0 (inc) to 6.8.5 (exc) |
| qt | qt | From 6.9.0 (inc) to 6.9.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when QImage loads a specially crafted ICNS format image file, which triggers a crash in the application. It affects certain versions of the Qt framework and is fixed in later versions.
How can this vulnerability impact me? :
The vulnerability can cause an application using the affected Qt versions to crash when processing malicious ICNS image files, potentially leading to denial of service or disruption of normal operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Qt to versions 6.5.10, 6.8.5, or 6.9.1 or later, where the issue is fixed.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70