CVE-2025-12385
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.
This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Qt Company | Qt | 5.0.0 <= 6.5.10 | affected |
| The Qt Company | Qt | 6.6.0 <= 6.8.5 | affected |
| The Qt Company | Qt | 6.9.0 <= 6.10.0 | affected |
Weaknesses
- CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling
- CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239
- https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.