CVE-2025-5991 — Use After Free in QT Company QT

CWE-416 — Use After Free CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 75.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

10

THE QT Company QT Debian Qt6-base Debian Qtbase-opensource-src +7 more

Timeline

PublishedJun 11

Description

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages10 packages

▶debiandebian/qt6-base

▶CVEListV5the_qt_company/qt6.9.0

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

▶msrcmsrc/cbl_mariner_2.0_arm

🔴Vulnerability Details

3

GHSA

GHSA-xv5c-vg59-hj7x: There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module↗2025-06-11

▶

OSV

CVE-2025-5991: There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module↗2025-06-11

▶

OSV

CVE-2025-5991: There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module↗2025-06-11

▶

📋Vendor Advisories

3

Red Hat

qt: Use after free in Qt↗2025-06-11

▶

Debian

CVE-2025-5991: qt6-base - There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the Q...↗2025

▶

Microsoft

Buffer overread in domain name matching↗2024-08-13

▶

CVE-2025-5991 — Use After Free in THE QT Company QT | cvebase