CVE-2025-3512
published 2025-04-11CVE-2025-3512: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to…
PriorityP420medium4.8CVSS 4.0
AVLACLATNPRNUIPVCNVINVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUClear
EPSS
0.20%
9.7th percentile
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qt6-base | < qt6-base 6.8.2+dfsg-6 (forky) | qt6-base 6.8.2+dfsg-6 (forky) |
| debian | qtbase-opensource-src | < qt6-base 6.8.2+dfsg-6 (forky) | qt6-base 6.8.2+dfsg-6 (forky) |
| debian | qtbase-opensource-src-gles | < qt6-base 6.8.2+dfsg-6 (forky) | qt6-base 6.8.2+dfsg-6 (forky) |
| the_qt_company | qt | >= 6.8.0 < 6.8.4 | 6.8.4 |
CVSS provenance
nvdv4.04.8MEDIUMCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
osv4.8MEDIUM
vendor_debian4.8LOW
vendor_redhat4.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
qt6: Buffer overflow in QTextMarkdownImporter
vendor_redhat·2025-04-11·CVSS 4.8
CVE-2025-3512 [MEDIUM] CWE-122 qt6: Buffer overflow in QTextMarkdownImporter
qt6: Buffer overflow in QTextMarkdownImporter
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
A flaw was found in QT. This vulnerability allows a heap-based buffer overflow via a specially crafted, incorrectly formatted markdown file.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: qt6 (Red Hat Enterprise Linux 10)
Debian
CVE-2025-3512: qt6-base - There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. Th...
vendor_debian·2025·CVSS 4.8
CVE-2025-3512 [MEDIUM] CVE-2025-3512: qt6-base - There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. Th...
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
Scope: local
bookworm: resolved
forky: resolved (fixed in 6.8.2+dfsg-6)
sid: resolved (fixed in 6.8.2+dfsg-6)
trixie: resolved (fixed in 6.8.2+dfsg-6)
OSV
CVE-2025-3512: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter
osv·2025-04-11·CVSS 4.8
CVE-2025-3512 [MEDIUM] CVE-2025-3512: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
GHSA
GHSA-794f-v4rm-x7r5: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter
ghsa_unreviewed·2025-04-11
CVE-2025-3512 [MEDIUM] CWE-122 GHSA-794f-v4rm-x7r5: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://codereview.qt-project.org/c/qt/qtbase/+/635546http://www.openwall.com/lists/oss-security/2025/04/24/4http://www.openwall.com/lists/oss-security/2025/04/24/5http://www.openwall.com/lists/oss-security/2025/04/24/6http://www.openwall.com/lists/oss-security/2025/04/25/1http://www.openwall.com/lists/oss-security/2025/04/25/2
2025-04-11
Published