CVE-2025-30348

Опубликовано: 21 мар. 2025

Источник: debian

EPSS Низкий

Описание

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
qt6-base	fixed	6.8.2+dfsg-5		package
qt6-base	no-dsa		bookworm	package
qtbase-opensource-src	not-affected			package
qtbase-opensource-src-gles	not-affected			package

Примечания

https://github.com/qt/qtbase/commit/2ce08e3671b8d18b0284447e5908ce15e6e8f80f (v6.9.0-beta1)
https://github.com/qt/qtbase/commit/225e235cf966a44af23dbe9aaaa2fd20ab6430ee (v6.8.0-rc1)
https://codereview.qt-project.org/c/qt/qtbase/+/581442
https://bugreports.qt.io/browse/QTBUG-127549

EPSS

Процентиль: 19%

0.00061

Низкий

Связанные уязвимости

CVE-2025-30348

CVSS3: 5.8

ubuntu

3 месяца назад

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

CVE-2025-30348

CVSS3: 5.8

nvd

3 месяца назад

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

CVE-2025-30348

CVSS3: 5.3

msrc

3 месяца назад

Описание отсутствует

GHSA-hc3c-6xqp-r265

CVSS3: 5.8

github

3 месяца назад

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

EPSS

Процентиль: 19%

0.00061

Низкий