MGASA-2025-0212

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0212.html

Import Source

https://advisories.mageia.org/MGASA-2025-0212.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2025-0212

Related

CVE-2025-5455

Published

2025-07-22T16:34:04Z

Modified

2025-07-22T15:53:55Z

Summary

Updated qtbase6 & qtbase5 packages fix security vulnerability

Details

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / qtbase6

Package

Name: qtbase6
Purl: pkg:rpm/mageia/qtbase6?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.1-5.2.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / qtbase5

Package

Name: qtbase5
Purl: pkg:rpm/mageia/qtbase5?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.7-6.2.mga9

Ecosystem specific

{
    "section": "core"
}