[Interest] Improper validation of <img> tag size in Text component parser
Schimkowitsch Robert
Robert.Schimkowitsch at andritz.com
Mon Nov 10 08:25:43 CET 2025
Hi all,
See also CVE-2025-12385
As always with security bulletins from Qt these days, it doesn’t quite contain enough information to really evaluate the impact.
For example, it does not offer setting the text format to “Text.PlainText” as a mitigation strategy. Does that imply that <img> tag sizes are processed and parsed even when displaying plain texts?
Or would that actually be a valid mitigation strategy?
Kind regards
Robert Schimkowitsch