[Development] [Announce] Security advisory: Recently reported denial of service issue in QColorTransferGenericFunction impacts Qt
Allan Sandfeld Jensen
kde at carewolf.com
Tue Jul 15 17:22:58 CEST 2025
On Tuesday, 15 July 2025 00:55:48 Central European Summer Time Ilya Fedin
wrote:
>
> Could it be used indirectly via other Qt APIs? Is e.g. reading images
> via QImage from untrusted sources affected? Is there a full list of Qt
> APIs affected?
It only affects the QColorSpace and if you use single color transform to or
from them, AND have built Qt in debug mode where it will trigger an assert as
one of the color values become infinite and upon further work upon it NaN
which could escape simple value clamping, but still trigger a later assert
that clamping was successful. So yes it can apply to a QImage, but only if you
then access the QImage::colorSpace() create a QColorTransform to or from it,
and use that to convert a QColor. If you do any other transform on them or is
running in release, the behavior is technically undefined but will in practice
only affect the output pixels, depending on what your CPU architecture does
with NaN or INF float when converted to an integer.
Best regards
Allan
More information about the Development
mailing list