OESA-2025-1757

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1757

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1757.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1757

Upstream

CVE-2025-5455

Published

2025-07-11T12:17:55Z

Modified

2025-08-12T05:52:07.649938Z

Summary

qt6-qtbase security update

Details

Qt is a software toolkit for developing applications.

Security Fix(es):

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code.

If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort).

This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.(CVE-2025-5455)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:24.03-LTS-SP2 / qt6-qtbase

Package

Name: qt6-qtbase
Purl: pkg:rpm/openEuler/qt6-qtbase&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.2-12.oe2403sp2

Ecosystem specific

{
    "x86_64": [
        "qt6-qtbase-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-debuginfo-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-debugsource-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-devel-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-examples-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-gui-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-ibase-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-mysql-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-odbc-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-postgresql-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-private-devel-6.5.2-12.oe2403sp2.x86_64.rpm",
        "qt6-qtbase-static-6.5.2-12.oe2403sp2.x86_64.rpm"
    ],
    "src": [
        "qt6-qtbase-6.5.2-12.oe2403sp2.src.rpm"
    ],
    "aarch64": [
        "qt6-qtbase-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-debuginfo-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-debugsource-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-devel-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-examples-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-gui-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-ibase-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-mysql-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-odbc-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-postgresql-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-private-devel-6.5.2-12.oe2403sp2.aarch64.rpm",
        "qt6-qtbase-static-6.5.2-12.oe2403sp2.aarch64.rpm"
    ],
    "noarch": [
        "qt6-qtbase-common-6.5.2-12.oe2403sp2.noarch.rpm"
    ]
}