Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Mageia 9: QtBase6 & QtBase5 Critical DoS CVE-2025-5455 Advisory 2025-0212

mageia
Calendar Grey July 22, 2025
Dist Mageia Esm H88
A critical alert for Mageia users warns of a denial of service vulnerability in qtbase5 and qtbase6 from improper handling of malformed data, urging prompt updates and audits
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code

Summary

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0.

References

- https://bugs.mageia.org/show_bug.cgi?id=34444

-

- https://www.cve.org/CVERecord?id=CVE-2025-5455

Topics%20covered

Topics Covered

security advisory denial of service critical Mageia qtbase5 qtbase6

Resolution

SRPMS

- 9/core/qtbase6-6.4.1-5.2.mga9

- 9/core/qtbase5-5.15.7-6.2.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 22 Jul 2025
URL: https://advisories.mageia.org/MGASA-2025-0212.html
Type: security
CVE: CVE-2025-5455

Topics%20covered

Topics Covered

security advisory denial of service critical Mageia qtbase5 qtbase6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here