CVE-2025-5992: CWE-20 Improper Input Validation in The Qt Company Qt
Description
Passing values outside of the expected range to QColorTransferGenericFunction can cause a denial of service. For example, this can happen when a specifically crafted ICC profile is passed to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3 and from 6.9.0 through 6.9.1. It is fixed in 6.8.4 and 6.9.2.
Technical Details
- Data Version: 5.1
- Assigner Short Name: TQtC
- Date Reserved: 2025-06-11T06:08:27.335Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6870b6b3a83201eaacacdbda
Added to database: 7/11/2025, 7:01:07 AM
Last updated: 7/11/2025, 7:01:07 AM