[Development] [Announce] Security advisory: Potential Buffer Overflow when reading KTX images
List for announcements regarding Qt releases and development via Announce
announce at qt-project.org
Thu Feb 15 13:00:41 CET 2024
Hi,
A recently reported potential buffer overflow issue in Qt’s KTX’s image handling has been assigned the CVE id CVE-2024-25580.
An issue was discovered in Qt from 5.12.0 through 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2.
With a specifically crafted KTX image file it is possible that the application reading it could cause an overflow and subsequently a crash.
Solution: Apply the following patch or update to Qt 5.15.17, Qt 6.2.12, Qt 6.5.5 or Qt 6.6.2.
Patches:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/536680
Qt 6.6: https://codereview.qt-project.org/c/qt/qtbase/+/538907 or https://download.qt.io/official_releases/qt/6.6/CVE-2024-25580-qtbase-6.6.diff
Qt 6.5: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/539051 or https://download.qt.io/official_releases/qt/6.5/CVE-2024-25580-qtbase-6.5.diff
Qt 6.2: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/539174 or https://download.qt.io/official_releases/qt/6.2/CVE-2024-25580-qtbase-6.2.diff
Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/539259 or https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff
Kind regards,
Andy
--
Andy Shaw
Director, Technical Customer Success
The Qt Company
_______________________________________________
Announce mailing list
Announce at qt-project.org
https://lists.qt-project.org/listinfo/announce
More information about the Development
mailing list