CVE-2024-25580
Published 2024-03-27
Priority: P4 · Severity: medium (CVSS 3.1 base score 6.2)
CVSS vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.32% (23.8th percentile)
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
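The advisory text only says that a crafted KTX file overflows a buffer in the handler; neither it nor anything else on this page names the field involved, so nothing below claims to be the bug or the fix. The block is an added example, not Qt's code: a small validator for the KTX 1.1 container layout (64-byte header, key/value block, then length-prefixed mip levels) that shows the class of check such a reader needs, namely comparing every announced length against the bytes actually present before the cursor advances. The identifier bytes and field order are from the public Khronos KTX 1.1 specification; the mip-level cap, the GL enum values in the constructed sample and the `buildSample` helper are assumptions of this example, and it handles only little-endian, non-cubemap files.

```cpp
// Added example (not Qt's code): bounds-checked walk of a KTX 1.1 file.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

namespace ktx {

// 12-byte KTX 1.1 identifier from the Khronos specification.
static const uint8_t kIdentifier[12] = {
    0xAB, 0x4B, 0x54, 0x58, 0x20, 0x31, 0x31, 0xBB, 0x0D, 0x0A, 0x1A, 0x0A};
constexpr size_t kHeaderSize = 64;            // identifier + 13 uint32 fields
constexpr uint32_t kEndiannessLE = 0x04030201;
constexpr uint32_t kMaxMipLevels = 32;        // sanity cap; assumed, not from the spec

// Little-endian uint32 at `off`; callers guarantee off + 4 <= size.
static uint32_t rd32(const uint8_t* p, size_t off) {
    return uint32_t(p[off]) | (uint32_t(p[off + 1]) << 8) |
           (uint32_t(p[off + 2]) << 16) | (uint32_t(p[off + 3]) << 24);
}
static size_t pad4(size_t n) { return (4 - (n % 4)) % 4; }

// Returns true and fills `levelSizes` only if every announced length fits in
// the bytes that are really present. Each check compares against the
// remaining length rather than adding to the offset, so a huge field cannot wrap.
bool validate(const std::vector<uint8_t>& f, std::vector<uint32_t>* levelSizes) {
    const uint8_t* p = f.data();
    const size_t n = f.size();
    if (n < kHeaderSize) return false;                       // truncated header
    if (std::memcmp(p, kIdentifier, 12) != 0) return false;  // wrong magic
    if (rd32(p, 12) != kEndiannessLE) return false;          // big-endian not handled here
    const uint32_t arrayElems = rd32(p, 48), faces = rd32(p, 52);
    const uint32_t mipLevels = rd32(p, 56), kvBytes = rd32(p, 60);
    if (faces != 1 && faces != 6) return false;
    if (faces == 6 && arrayElems == 0) return false;         // per-face cubemap layout not handled here

    // 1. The whole key/value block must lie inside the file.
    size_t off = kHeaderSize;
    if (kvBytes > n - off) return false;
    const size_t kvEnd = off + kvBytes;

    // 2. Each keyAndValueByteSize must lie inside that block. Trusting this
    //    field blindly is what lets a crafted file walk a reader off its buffer.
    while (off < kvEnd) {
        if (kvEnd - off < 4) return false;
        const uint32_t kvSize = rd32(p, off);
        off += 4;
        if (kvSize > kvEnd - off) return false;
        off += kvSize;
        const size_t pad = pad4(kvSize);
        if (pad > kvEnd - off) return false;
        off += pad;
    }

    // 3. Each mip level announces imageSize; validate it before skipping.
    //    numberOfMipmapLevels == 0 means "generate at load time": one level stored.
    const uint32_t levels = mipLevels == 0 ? 1 : mipLevels;
    if (levels > kMaxMipLevels) return false;
    levelSizes->clear();
    for (uint32_t i = 0; i < levels; ++i) {
        if (n - off < 4) return false;
        const uint32_t imageSize = rd32(p, off);
        off += 4;
        if (imageSize > n - off) return false;
        levelSizes->push_back(imageSize);
        off += imageSize;
        const size_t pad = pad4(imageSize);
        if (pad > n - off) return false;
        off += pad;
    }
    return true;
}

// Size of mip level 0, or 0 when the file is rejected (the sample below never
// stores an empty level, so 0 means "rejected" here).
uint32_t firstLevelSize(const std::vector<uint8_t>& f) {
    std::vector<uint32_t> sizes;
    return validate(f, &sizes) ? sizes[0] : 0;
}

static void put32(std::vector<uint8_t>& v, uint32_t x) {
    for (int i = 0; i < 4; ++i) v.push_back(uint8_t(x >> (8 * i)));
}

// Constructed sample (hypothetical helper): a 1x1 RGBA8 texture with one
// key/value entry ("k\0v\0", 4 bytes) and one mip level. The size parameters
// let a caller produce the header/body mismatches a fuzzer would.
std::vector<uint8_t> buildSample(uint32_t kvBlockSize, uint32_t kvEntrySize,
                                 uint32_t imageSizeField, size_t imageBytesPresent) {
    std::vector<uint8_t> v(kIdentifier, kIdentifier + 12);
    put32(v, kEndiannessLE);
    put32(v, 0x1401); put32(v, 1); put32(v, 0x1908); put32(v, 0x8058); put32(v, 0x1908); // type, typeSize, format, internal, base
    put32(v, 1); put32(v, 1); put32(v, 0);   // pixelWidth, pixelHeight, pixelDepth
    put32(v, 0); put32(v, 1); put32(v, 1);   // numberOfArrayElements, numberOfFaces, numberOfMipmapLevels
    put32(v, kvBlockSize);                   // bytesOfKeyValueData
    put32(v, kvEntrySize);                   // keyAndValueByteSize
    const uint8_t kv[4] = {'k', 0, 'v', 0};
    v.insert(v.end(), kv, kv + 4);
    put32(v, imageSizeField);                // imageSize for level 0
    v.insert(v.end(), imageBytesPresent, uint8_t(0xFF));
    return v;
}

}  // namespace ktx

int main() {
    // A valid file, then three crafted ones that differ only in one length field.
    std::printf("valid:         %u\n", ktx::firstLevelSize(ktx::buildSample(8, 4, 4, 4)));
    std::printf("kv entry huge: %u\n", ktx::firstLevelSize(ktx::buildSample(8, 0xFFFFFFF0u, 4, 4)));
    std::printf("kv block huge: %u\n", ktx::firstLevelSize(ktx::buildSample(0x7FFFFFFFu, 4, 4, 4)));
    std::printf("image huge:    %u\n", ktx::firstLevelSize(ktx::buildSample(8, 4, 0x1000, 4)));
    return 0;
}
```

The three crafted inputs are each one field away from the valid file, which is the shape a fuzzer finds: a reader that uses `bytesOfKeyValueData`, `keyAndValueByteSize` or `imageSize` as a copy or skip length without first checking it against the remaining input reads or writes past its buffer, and the crash described in the advisory is the observable result.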
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qt6-base | < qt6-base 6.6.2+dfsg-8 (forky) | qt6-base 6.6.2+dfsg-8 (forky) |
| debian | qtbase-opensource-src | < qt6-base 6.6.2+dfsg-8 (forky) | qt6-base 6.6.2+dfsg-8 (forky) |
| debian | qtbase-opensource-src-gles | < qt6-base 6.6.2+dfsg-8 (forky) | qt6-base 6.6.2+dfsg-8 (forky) |
| msrc | azl3_qtbase_6.6.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_qtbase_6.6.2-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_qt5-qtbase_5.12.11-15_on_cbl_mariner_2.0 | — | — |
| qt | qt | >= 5.12.0 < 5.15.17 | 5.15.17 |
| qt | qt | >= 6.0.0 < 6.2.12 | 6.2.12 |
| qt | qt | >= 6.3.0 < 6.5.5 | 6.5.5 |
| qt | qt | >= 6.6.0 < 6.6.2 | 6.6.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 6.2 | MEDIUM | — |
| vendor_debian | — | 6.2 | MEDIUM | — |
| vendor_msrc | — | 6.2 | MEDIUM | — |
| vendor_redhat | — | 6.2 | MEDIUM | — |
Ubuntu
Qt vulnerability
vendor_ubuntu·2025-12-11
CVE-2024-25580 Qt vulnerability
Title: Qt vulnerability
Summary: Qt could be made to crash or run programs as your login if it opened a specially crafted file.
It was discovered that Qt did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
vendor_msrc·2024-03-12·CVSS 6.2
CVE-2024-25580 [MEDIUM] CWE-120
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is ide
Red Hat
qtbase: potential buffer overflow when reading KTX images
vendor_redhat·2024-02-15·CVSS 6.2
CVE-2024-25580 [MEDIUM] CWE-121
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
A vulnerability has been discovered in Qt Base, wherein an attacker can exploit a specially crafted KTX image file to induce a buffer overflow within the application parsing it. This overflow can subsequently result in a denial-of-service condition, rendering the affected application inaccessible or non-responsive.
Statement: The CVE-2024-25580 vulnerability in Qt's KTX image handling module is classified as having a moderate severity rather than being deemed important due to several factors. While the
Debian
CVE-2024-25580: qt6-base
vendor_debian·2024·CVSS 6.2
CVE-2024-25580 [MEDIUM]
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
Scope: local
bookworm: open
forky: resolved (fixed in 6.6.2+dfsg-8)
sid: resolved (fixed in 6.6.2+dfsg-8)
trixie: resolved (fixed in 6.6.2+dfsg-8)
GHSA
GHSA-2952-j2hp-678j
ghsa_unreviewed·2024-03-27
CVE-2024-25580 [MEDIUM] CWE-120
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
OSV
osv·2024-03-27·CVSS 6.2
CVE-2024-25580 [MEDIUM]
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYE2NMN67DYHYJKLAKLGR64OYI7A63AH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWTGLKC3WBDHZ5OJRSEB2QUR7XXZDLZV/