The Qt Company Qt vulnerabilities

10 known vulnerabilities affecting the_qt_company/qt.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 2, LOW 2

Vulnerabilities

CVE-2025-12385 | HIGH | CVSS 8.7 | ≥ 5.0.0, ≤ 6.5.10; ≥ 6.6.0, ≤ 6.8.5; +1 more | 2025-12-03
CVE-2025-12385 [HIGH] CWE-770: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the tag could
nvd
CVE-2025-6338 | CRITICAL | CVSS 9.2 | ≥ 5.15.0, ≤ 6.8.3; ≥ 6.9.0, < 6.9.2 | 2025-10-16
CVE-2025-6338 [CRITICAL] CWE-459: There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.
nvd
CVE-2025-10728 | CRITICAL | CVSS 9.4 | ≥ 6.7.0, ≤ 6.8.4; ≥ 6.9.0, ≤ 6.9.2 | 2025-10-03
CVE-2025-10728 [CRITICAL] CWE-674: When the module renders an SVG file that contains a <pattern> element, it might end up rendering it recursively, leading to a stack overflow DoS.
nvd
CVE-2025-10729 | CRITICAL | CVSS 9.4 | ≥ 6.7.0, ≤ 6.8.4; ≥ 6.9.0, ≤ 6.9.2 | 2025-10-03
CVE-2025-10729 [CRITICAL] CWE-416: The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later, leading to a use after free.
nvd
CVE-2025-5992 | LOW | CVSS 2.3 | ≥ 6.6.0, ≤ 6.8.3; ≥ 6.9.0, ≤ 6.9.1 | 2025-07-11
CVE-2025-5992 [LOW] CWE-20: When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.
nvd
CVE-2025-5991 | LOW | CVSS 2.1 | v6.9.0 | 2025-06-11
CVE-2025-5991 [LOW] CWE-416: There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Q
nvd
CVE-2025-5683 | MEDIUM | CVSS 5.1 | ≥ 6.3.0, ≤ 6.5.9; ≥ 6.6.0, ≤ 6.8.4; +1 more | 2025-06-05
CVE-2025-5683 [MEDIUM] CWE-770: When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
nvd
CVE-2025-5455 | HIGH | CVSS 8.4 | ≤ 5.15.18; ≥ 6.0.0, ≤ 6.5.8; +2 more | 2025-06-02
CVE-2025-5455 [HIGH] CWE-20: An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then
nvd
CVE-2025-3512 | MEDIUM | CVSS 4.8 | ≥ 6.8.0, < 6.8.4 | 2025-04-11
CVE-2025-3512 [MEDIUM] CWE-122: There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
nvd
CVE-2024-38081 | HIGH | CVSS 7.3 | ≤ 5.15.18; ≥ 6.0.0, ≤ 6.5.8; +1 more | 2024-07-09
CVE-2024-38081 [HIGH] CWE-59: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
nvd
The Qt Company Qt vulnerabilities | cvebase