DEBIAN-CVE-2024-25580

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-25580

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-25580.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-25580

Upstream

CVE-2024-25580

Published

2024-03-27T03:15:12Z

Modified

2025-09-19T07:34:58.411264Z

Summary

[none]

Details

An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.

References

https://security-tracker.debian.org/tracker/CVE-2024-25580

Affected packages

Debian:11

qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/debian/qtbase-opensource-src?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.2+dfsg-9+deb11u1

Affected versions

5.*

5.15.2+dfsg-9

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/debian/qtbase-opensource-src?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.8+dfsg-11+deb12u2

Affected versions

5.*

5.15.8+dfsg-11

5.15.8+dfsg-11+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

qt6-base

Package

Name: qt6-base
Purl: pkg:deb/debian/qt6-base?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.2+dfsg-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/debian/qtbase-opensource-src?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.10+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/debian/qtbase-opensource-src-gles?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.10+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

qt6-base

Package

Name: qt6-base
Purl: pkg:deb/debian/qt6-base?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.2+dfsg-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/debian/qtbase-opensource-src?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.10+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/debian/qtbase-opensource-src-gles?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.10+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}