AZL-64361

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64361.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-64361

Upstream

CVE-2025-5455

Published

2025-06-02T09:15:21Z

Modified

2026-04-21T04:32:23.009513Z

Summary

CVE-2025-5455 affecting package qt5-qtbase for versions less than 5.12.11-18

Details

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code.

If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort).

This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5455

Affected packages

Azure Linux:2 / qt5-qtbase

Package

Name: qt5-qtbase
Purl: pkg:rpm/azure-linux/qt5-qtbase

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.11-18

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64361.json"