Name | CVE-2025-5683 |
Description | When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 1107317, 1107318 |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Notes
[bookworm] - qtimageformats-opensource-src <no-dsa> (Minor issue)
[bullseye] - qtimageformats-opensource-src <postponed> (Minor issue; DoS)
[bookworm] - qt6-imageformats <no-dsa> (Minor issue)
https://codereview.qt-project.org/c/qt/qtimageformats/+/644548
https://github.com/qt/qtimageformats/commit/efd332516f510144927121fa749ce819b82ec633