Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:9486

Опубликовано: 03 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: qt6-qtbase security update

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling.

Security Fix(es):

  • qt5: qt6: QtCore Assertion Failure Denial of Service (CVE-2025-5455)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
qt6-qtbasex86_649.el10_0qt6-qtbase-6.8.1-9.el10_0.x86_64.rpm
qt6-qtbase-commonnoarch9.el10_0qt6-qtbase-common-6.8.1-9.el10_0.noarch.rpm
qt6-qtbase-develx86_649.el10_0qt6-qtbase-devel-6.8.1-9.el10_0.x86_64.rpm
qt6-qtbase-guix86_649.el10_0qt6-qtbase-gui-6.8.1-9.el10_0.x86_64.rpm
qt6-qtbase-mysqlx86_649.el10_0qt6-qtbase-mysql-6.8.1-9.el10_0.x86_64.rpm
qt6-qtbase-odbcx86_649.el10_0qt6-qtbase-odbc-6.8.1-9.el10_0.x86_64.rpm
qt6-qtbase-postgresqlx86_649.el10_0qt6-qtbase-postgresql-6.8.1-9.el10_0.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-5455

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-5455

ubuntu
5 месяцев назад

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.

redhat логотип

CVE-2025-5455

CVSS3: 5.3
redhat
5 месяцев назад

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.

nvd логотип

CVE-2025-5455

nvd
5 месяцев назад

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.

msrc логотип

CVE-2025-5455

msrc
3 месяца назад

Описание отсутствует

debian логотип

CVE-2025-5455

debian
5 месяцев назад

An issue was found in the private API function qDecodeDataUrl() in QtC ...