CVE-2025-5455

216.73.217.22

· Published 02/06/2025 09:15 · Modified 02/06/2025 17:32

Labels: CVE-2025-5455 2025-06-02 CVE-2025-5455 CWE-20 a59d8014-47c4-4630-ab43-e1b13cbe58e3

Essential information

Published: 02/06/2025 09:15
Modified: 02/06/2025 17:32
Author: —
Creator: —
CVSS: 8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: a59d8014-47c4-4630-ab43-e1b13cbe58e3
NVD: View on NVD

Affected products (CPE)

Product	CPE
qt / qt	`cpe:2.3:a:qt:qt::5.15.0-5.15.18::::::*`
qt / qt	`cpe:2.3:a:qt:qt::6.0.0-6.5.8::::::*`
qt / qt	`cpe:2.3:a:qt:qt::6.6.0-6.8.3::::::*`
qt / qt	`cpe:2.3:a:qt:qt::6.9.0::::::*`