CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash.This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
TQtCCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
qt6-imageformats
bookworm
vulnerable
sid
vulnerable
trixie
vulnerable
qtimageformats-opensource-src
bullseye
vulnerable
bookworm
vulnerable
sid
vulnerable
trixie
vulnerable
Vulnerability Media Exposure
References
https://codereview.qt-project.org/c/qt/qtimageformats/+/644548
https://issues.oss-fuzz.com/issues/415350704