CVE-2025-5992

Summary

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.

Affected Software

VendorProductVersion RangeStatus
The Qt CompanyQt6.0.0 < 6.6.0unaffected
The Qt CompanyQt6.6.0 <= 6.8.3affected
The Qt CompanyQt6.8.4 <= 6.8.3unaffected
The Qt CompanyQt6.9.0 <= 6.9.1affected
The Qt CompanyQt6.9.2 <= 6.9.1unaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References