CVE-2024-25580 — Classic Buffer Overflow in QT

CWE-120 — Classic Buffer Overflow CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

6.2MEDIUMNVD

EPSS

0.1%

top 77.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

QT Debian Qt6-base Debian Qtbase-opensource-src +6 more

Timeline

PublishedMar 27

Latest updateDec 11

Description

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages9 packages

▶NVDqt/qt5.12.0 — 5.15.17+3

▶debiandebian/qt6-base< qt6-base 6.6.2+dfsg-8 (forky)

▶debiandebian/qtbase-opensource-src< qt6-base 6.6.2+dfsg-8 (forky)

▶debiandebian/qtbase-opensource-src-gles< qt6-base 6.6.2+dfsg-8 (forky)

▶msrcmsrc/azure_linux_3.0_arm

Patches

Patch: www.qt.io ↗Patch: www.qt.io ↗

🔴Vulnerability Details

GHSA

GHSA-2952-j2hp-678j: An issue was discovered in gui/util/qktxhandler↗2024-03-27

▶

OSV

CVE-2024-25580: An issue was discovered in gui/util/qktxhandler↗2024-03-27

▶

📋Vendor Advisories

Ubuntu

Qt vulnerability↗2025-12-11

▶

Microsoft

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17 6.x before 6.2.12 6.3.x through 6.5.x before 6.5.5 and 6.6.x before 6.6.2. A buffer overflow and application crash can occur vi↗2024-03-12

▶

Red Hat

qtbase: potential buffer overflow when reading KTX images↗2024-02-15

▶

Debian

CVE-2024-25580: qt6-base - An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x be...↗2024

▶