{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12385", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "state": "PUBLISHED", "assignerShortName": "TQtC", "dateReserved": "2025-10-28T11:53:25.141Z", "datePublished": "2025-12-03T19:38:53.130Z", "dateUpdated": "2025-12-03T21:46:42.476Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "MacOS", "Linux", "iOS", "Android", "x86", "ARM", "64 bit", "32 bit"], "product": "Qt", "vendor": "The Qt Company", "versions": [{"lessThanOrEqual": "6.5.10", "status": "affected", "version": "5.0.0", "versionType": "python"}, {"lessThanOrEqual": "6.8.5", "status": "affected", "version": "6.6.0", "versionType": "python"}, {"lessThanOrEqual": "6.10.0", "status": "affected", "version": "6.9.0", "versionType": "python"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*", "versionEndIncluding": "6.5.10", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*", "versionEndIncluding": "6.8.5", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*", "versionEndIncluding": "6.10.0", "versionStartIncluding": "6.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.<br><p>This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the &lt;img&gt; tag could cause an application to become unresponsive.</p><p>This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.</p>"}], "value": "Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\nThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.\n\nThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0."}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2025-12-03T19:38:53.130Z"}, "references": [{"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239"}, {"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper validation of <img> tag size in Text component parser", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-03T21:46:27.767155Z", "id": "CVE-2025-12385", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T21:46:42.476Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\nThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.\n\nThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0."}], "id": "CVE-2025-12385", "lastModified": "2025-12-03T20:16:24.170", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}]}, "published": "2025-12-03T20:16:24.170", "references": [{"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239"}, {"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766"}], "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}, {"lang": "en", "value": "CWE-1284"}], "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}]}

{}