CVE-2025-3512Heap-based Buffer Overflow in QT Company QT

CWE-122Heap-based Buffer Overflow5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 66.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
THE QT Company QTDebian Qt6-baseDebian Qtbase-opensource-src+1 more
Timeline
PublishedApr 11

Description

There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages4 packages

debiandebian/qt6-base< qt6-base 6.8.2+dfsg-6 (forky)
CVEListV5the_qt_company/qt6.8.06.8.4
debiandebian/qtbase-opensource-src< qt6-base 6.8.2+dfsg-6 (forky)
debiandebian/qtbase-opensource-src-gles< qt6-base 6.8.2+dfsg-6 (forky)

🔴Vulnerability Details

2
OSV
CVE-2025-3512: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter2025-04-11
GHSA
GHSA-794f-v4rm-x7r5: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter2025-04-11

📋Vendor Advisories

2
Red Hat
qt6: Buffer overflow in QTextMarkdownImporter2025-04-11
Debian
CVE-2025-3512: qt6-base - There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. Th...2025
CVE-2025-3512 — Heap-based Buffer Overflow | cvebase