CVE-2025-5992 — Improper Input Validation in Qt6-base

CWE-20 — Improper Input Validation CWE-203 — Observable Discrepancy6 documents6 sources

Severity

2.3LOWNVD

EPSS

0.1%

top 74.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Qt6-base THE QT Company QT Msrc Azl3 Opensc 0.23.0-1 ON Azure Linux 3.0 +3 more

Timeline

PublishedJul 11

Description

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

Affected Packages6 packages

▶debiandebian/qt6-base< qt6-base 6.8.2+dfsg-9 (forky)

▶CVEListV5the_qt_company/qt6.6.0 — 6.8.3+1

▶msrcmsrc/azl3_opensc_0.23.0-1_on_azure_linux_3.0

▶msrcmsrc/azl3_opensc_0.25.1-3_on_azure_linux_3.0

▶msrcmsrc/cbl2_opensc_0.23.0-3_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2025-5992: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when↗2025-07-11

▶

GHSA

GHSA-45wh-m547-4rh9: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when↗2025-07-11

▶

📋Vendor Advisories

Red Hat

qt6: Qt6 denial of service↗2025-07-11

▶

Debian

CVE-2025-5992: qt6-base - When passing values outside of the expected range to QColorTransferGenericFuncti...↗2025

▶

Microsoft

Opensc: side-channel leaks while stripping encryption pkcs#1 padding↗2024-01-09

▶