← back
CVE-2025-12385

Improper validation of <img> tag size in Text component parser

CVSS 8.7 HIGHEPSS 0.3%CWE-1284CWE-770
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
The Qt Company · Qt

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766