AZL-71555

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71555.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-71555

Upstream

CVE-2025-12385

Published

2025-12-03T20:16:24Z

Modified

2026-04-21T04:36:37.032159Z

Summary

CVE-2025-12385 affecting package qtdeclarative for versions less than 6.6.1-2

Details

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.

This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-12385

Affected packages

Azure Linux:3 / qtdeclarative

Package

Name: qtdeclarative
Purl: pkg:rpm/azure-linux/qtdeclarative

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71555.json"