CVE-2025-12385
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-04
Assigner: TQtC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_qt_company | qt | * |
| the_qt_company | qt_quick | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an allocation of resources without limits or throttling due to improper validation of specified quantity in input within the Qt Quick Text component. Specifically, missing validation of the width and height attributes in the <img> tag can cause an application to allocate excessive resources, potentially making the application unresponsive.
How can this vulnerability impact me? :
The vulnerability can cause applications using the affected Qt versions to become unresponsive due to excessive resource allocation triggered by improper input validation. This can lead to denial of service conditions where the application may freeze or crash, impacting availability and user experience.