CVE-2025-12385 — Allocation of Resources Without Limits or Throttling in QT Company QT
Severity
8.7HIGHNVD
EPSS
0.2%
top 62.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 3
Latest updateDec 9
Description
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.
This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the tag could cause an application to become unresponsive.
This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.…
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Packages7 packages
▶debiandebian/qtdeclarative-opensource-src-gles< qtdeclarative-opensource-src 5.15.17+dfsg-4 (forky)
🔴Vulnerability Details
2GHSA▶
GHSA-x9vj-67g7-457m: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows↗2025-12-03
OSV▶
CVE-2025-12385: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows↗2025-12-03