Home

Description

There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

PUBLISHED Reserved 2025-04-11 | Published 2025-04-11 | Updated 2025-04-25 | Assigner TQtC




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status
unaffected

Any version before 6.6.0
unaffected

6.6.0 (python) before 6.8.0
unknown

6.8.0 (python) before 6.8.4
affected

6.8.4 (python)
unaffected

Credits

oss-fuzz finder

References

www.openwall.com/lists/oss-security/2025/04/24/4

www.openwall.com/lists/oss-security/2025/04/24/5

www.openwall.com/lists/oss-security/2025/04/24/6

www.openwall.com/lists/oss-security/2025/04/25/1

www.openwall.com/lists/oss-security/2025/04/25/2

codereview.qt-project.org/c/qt/qtbase/+/635546

cve.org (CVE-2025-3512)

nvd.nist.gov (CVE-2025-3512)

Download JSON