cbcvebase.
CVE-2024-25580
published 2024-03-27

Priority: P4 | 22 | medium | CVSS 3.1 base score 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.32% (23.8th percentile)
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

Affected

12 ranges
Vendor | Product | Version range | Fixed in
debian | qt6-base | < qt6-base 6.6.2+dfsg-8 (forky) | qt6-base 6.6.2+dfsg-8 (forky)
debian | qtbase-opensource-src | < qt6-base 6.6.2+dfsg-8 (forky) | qt6-base 6.6.2+dfsg-8 (forky)
debian | qtbase-opensource-src-gles | < qt6-base 6.6.2+dfsg-8 (forky) | qt6-base 6.6.2+dfsg-8 (forky)
msrc | azl3_qtbase_6.6.1-1_on_azure_linux_3.0 | | 
msrc | azl3_qtbase_6.6.2-1_on_azure_linux_3.0 | | 
msrc | azure_linux_3.0_arm | | 
msrc | azure_linux_3.0_x64 | | 
msrc | cbl2_qt5-qtbase_5.12.11-15_on_cbl_mariner_2.0 | | 
qt | qt | >= 5.12.0, < 5.15.17 | 5.15.17
qt | qt | >= 6.0.0, < 6.2.12 | 6.2.12
qt | qt | >= 6.3.0, < 6.5.5 | 6.5.5
qt | qt | >= 6.6.0, < 6.6.2 | 6.6.2

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.1 | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv | | 6.2 | MEDIUM | 
vendor_debian | | 6.2 | MEDIUM | 
vendor_msrc | | 6.2 | MEDIUM | 
vendor_redhat | | 6.2 | MEDIUM | 