CVE-2025-5992
published 2025-07-11
CVE-2025-5992: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing…
Priority P4 · 11 · low · 2.3 · CVSS 4.0
EPSS
0.28%
19.5th percentile
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qt6-base | < qt6-base 6.8.2+dfsg-9 (forky) | qt6-base 6.8.2+dfsg-9 (forky) |
| msrc | azl3_opensc_0.23.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_opensc_0.25.1-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_opensc_0.23.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_opensc_0.23.0-4_on_cbl_mariner_2.0 | — | — |
| the_qt_company | qt | 6.6.0 – 6.8.3 | — |
| the_qt_company | qt | 6.9.0 – 6.9.1 | — |
CVSS provenance
nvd · v4.0 · 2.3 LOW · CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv · 2.3 LOW
vendor_msrc · 5.9 MEDIUM
vendor_debian · 2.3 LOW
vendor_redhat · 2.3 LOW
Red Hat
qt6: Qt6 denial of service
vendor_redhat·2025-07-11·CVSS 2.3
CVE-2025-5992 [LOW] CWE-20 qt6: Qt6 denial of service
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
A denial of service flaw has been discovered in the Qt library. A call to `QColorTransferGenericFunction` may cause a crash if passed a maliciously crafted ICC profile.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: qt6 (Red Hat
Debian
CVE-2025-5992: qt6-base - When passing values outside of the expected range to QColorTransferGenericFuncti...
vendor_debian·2025·CVSS 2.3
CVE-2025-5992 [LOW] CVE-2025-5992: qt6-base - When passing values outside of the expected range to QColorTransferGenericFuncti...
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
Scope: local
bookworm: open
forky: resolved (fixed in 6.8.2+dfsg-9)
sid: resolved (fixed in 6.8.2+dfsg-9)
trixie: resolved (fixed in 6.8.2+dfsg-9)
Microsoft
Opensc: side-channel leaks while stripping encryption pkcs#1 padding
vendor_msrc·2024-01-09·CVSS 5.9
CVE-2023-5992 [MEDIUM] CWE-203 Opensc: side-channel leaks while stripping encryption pkcs#1 padding
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference
OSV
CVE-2025-5992: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when
osv·2025-07-11·CVSS 2.3
CVE-2025-5992 [LOW] CVE-2025-5992: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
GHSA
GHSA-45wh-m547-4rh9: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when
ghsa_unreviewed·2025-07-11
CVE-2025-5992 [LOW] CWE-20 GHSA-45wh-m547-4rh9: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
No detection rules found.
No public exploits indexed.
2025-07-11
Published