[Announce] Security advisory: Recently reported denial of service issue in QColorTransferGenericFunction impacts Qt

List for announcements regarding Qt releases and development announce at qt-project.org
Fri Jul 11 11:00:00 CEST 2025


Hi,

Passing values outside of the expected range to QColorTransferGenericFunction can cause a denial of service. For example, this can happen when a specifically crafted ICC profile is passed to QColorSpace::fromICCProfile.
This has been assigned the CVE id CVE-2025-5992.
Affected versions: Qt from 6.8.0 through 6.8.3, from 6.9.0 through 6.9.1.
Vulnerability Score: CVSS v4.0: 2.3
Solution: As a workaround, if you are loading ICC profiles, ensure that you are doing so from a trusted source. Alternatively, you can apply the appropriate patch for your Qt version:
6.9: https://download.qt.io/official_releases/qt/6.9/CVE-2025-5992-qtbase-6.9.patch or https://codereview.qt-project.org/c/qt/qtbase/+/657023
6.8: https://download.qt.io/official_releases/qt/6.8/CVE-2025-5992-qtbase-6.8.patch or https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/657094

Kind regards,

Andy

--

Andy Shaw,

Director, Customer Services - SQS

The Qt Company



