CVE-2025-30348

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-30348
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-30348.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-30348
Downstream
Published
2025-03-21T07:15:37Z
Modified
2025-03-24T14:08:36Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

References

Affected packages

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
33f5e985e480283bb0ca9dea5f82643e825ba87c
Fixed
b839e9b36db3a4e50dfb34521d8ef8de1fd01969

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2025-30348-3387b664",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "186437067158102252161693471244145294825",
                    "3196199820127236270099018690354558797",
                    "47997565004052804185765343122804018581",
                    "133223339775979550669513204200982099832",
                    "215248008059573220354593739995950083528",
                    "242082338380507763625236354403237414048",
                    "274176504526971260123275701533881022635",
                    "166318677867842499487773236127259450651",
                    "260555826946734512716144602056618812145",
                    "198772433461357254702211884777351659122",
                    "43972114743790367040762895711697984362",
                    "132225601860409790534449360436511076507",
                    "331079889931794070452944818679721746592",
                    "156150653617215451977240218356227363351",
                    "142059269620376547036213094689315360947",
                    "77446894632981789070618029256269329354",
                    "3487330042488377054378778289724577096",
                    "211156414955031303194966468446069265971",
                    "266199739061057984664747524956402930804",
                    "169519564995396841249030496739776237558",
                    "190326620526125022592905246920451650604",
                    "54910059050309305348820244808323240232",
                    "142243356195079619437737713185851715108",
                    "28845740470922295595307212544250796112",
                    "104830449083243186251037488373273965642",
                    "325105661548474963556349210219840572472",
                    "16261457570594981729183514393361220107",
                    "271925461758865695018753733831661774097",
                    "274045226307217007638540803186004211052",
                    "53016057455443441865790794240103140362",
                    "182487081210814464797658304479619598745",
                    "193229981412344220281683413746870285842",
                    "90766330304832420819051431642238659500",
                    "246092940109426696683072181473718902201",
                    "241168987195559612387351016498109200410",
                    "118807844307338398672677576905960634968",
                    "280490774264171064970996240740036083472",
                    "163524962833714259614084175077185934587",
                    "275801128495452395554803322431819296221",
                    "268861500889216783713910546288720131962",
                    "17823814562945381299078885655198898769",
                    "121444329927184806420645554764891604316",
                    "26152585875614594471220570071829327585",
                    "37387130237528448366157407219072287814",
                    "160220435066399737443064727030150053586",
                    "160756624179860473503590243415830851649",
                    "329279513164500866950812007773583281383",
                    "319923387346242044560603357633623314302",
                    "103209424630052724898382052798978472741",
                    "293763653661176143166878523162159791153",
                    "153691282336165796777747355757055921221",
                    "324567730886908699054152655830379881833",
                    "308366735799095499429035485957558214611",
                    "226348280788333818895875349555907368073",
                    "241360939202176447439502357080794583161",
                    "26541165920698692706770126967969127460",
                    "64412574518962137602246272457422067212",
                    "164391643060976851825799775542248492345",
                    "318629159256435062598677653517002784315",
                    "239665845667611618158279571445413033325",
                    "179154556963248471405557515301028883335",
                    "93621135868896521628755850641473149725",
                    "31546403350842482761282433534844383838",
                    "104837492282028146096205337184655783627",
                    "293949540968280903538352693917672011553",
                    "38520217661736754106531634581505327446",
                    "181985767053677424333914772935533327137",
                    "44673159693779174397196778376113787553",
                    "212739627722244020503687701500736291917",
                    "91288595438692235345610463836839995746",
                    "162658431482416018085096252822455071659",
                    "219291947754546636415382781469371172229",
                    "70640994377933503461668631001630293906",
                    "85491198788614232907451833453662140269",
                    "124922189203366688638534523558952401864",
                    "300188996986189049052518162196875497432"
                ]
            },
            "source": "https://github.com/qt/qtbase/commit/b839e9b36db3a4e50dfb34521d8ef8de1fd01969",
            "target": {
                "file": "src/plugins/platforms/xcb/qxcbconnection_xi2.cpp"
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2025-30348-33fd7df1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "287416053021551086829586509388387870719",
                "length": 3486.0
            },
            "source": "https://github.com/qt/qtbase/commit/b839e9b36db3a4e50dfb34521d8ef8de1fd01969",
            "target": {
                "file": "src/plugins/platforms/xcb/qxcbconnection_xi2.cpp",
                "function": "QXcbConnection::xi2HandleEvent"
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2025-30348-8325a09f",
            "signature_type": "Function",
            "digest": {
                "function_hash": "23149984391810061764221525553670658053",
                "length": 815.0
            },
            "source": "https://github.com/qt/qtbase/commit/b839e9b36db3a4e50dfb34521d8ef8de1fd01969",
            "target": {
                "file": "src/plugins/platforms/xcb/qxcbconnection_xi2.cpp",
                "function": "isDuplicateEvent"
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}