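An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. Reading a crafted KTX image file can cause a buffer overflow and an application crash. The records below are Function and Line signatures derived from the two listed qtbase commits. Most target the KTX handler in src/gui/util/qktxhandler.cpp (QKtxHandler::read, QKtxHandler::canRead, QKtxHandler::decodeKeyValues, withPadding), its header qktxhandler_p.h and the tst_qtexturefilereader test. The two entries for src/tools/qlalr/cppgenerator.cpp appear unrelated to KTX decoding, so a match on those alone should be confirmed against the handler signatures before a build is treated as affected.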
[
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/c8c0c677693c047a9dbf94c2a88eb920ed11acc8",
"id": "CVE-2024-25580-0355e429",
"target": {
"file": "src/tools/qlalr/cppgenerator.cpp",
"function": "CppGenerator::copyrightHeader"
},
"digest": {
"function_hash": "136461757324256813282022259417379127365",
"length": 158.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/dec1863c7dc63e5788b0c6c061d36e856a6ae2b2",
"id": "CVE-2024-25580-462199ff",
"target": {
"file": "src/gui/util/qktxhandler.cpp",
"function": "QKtxHandler::decodeKeyValues"
},
"digest": {
"function_hash": "7364416592394577119437940976907996060",
"length": 735.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/c8c0c677693c047a9dbf94c2a88eb920ed11acc8",
"id": "CVE-2024-25580-495911c7",
"target": {
"file": "src/tools/qlalr/cppgenerator.cpp"
},
"digest": {
"line_hashes": [
"19558493098812227728671165474361015392",
"106008374532169155072527926556305774515",
"188893840817205926988204630655514730863",
"235179633474731591380608793762610541546"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/dec1863c7dc63e5788b0c6c061d36e856a6ae2b2",
"id": "CVE-2024-25580-62991e15",
"target": {
"file": "tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp"
},
"digest": {
"line_hashes": [
"163025544936468673396887582351900526570",
"192599772146138582938962858926520246855",
"121204903762595879395660416776397810880",
"218506546214480638963447889292690177668",
"131206179422142810249228455466547622028",
"169148247452786850530522787300885566438"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/dec1863c7dc63e5788b0c6c061d36e856a6ae2b2",
"id": "CVE-2024-25580-6ac07c49",
"target": {
"file": "src/gui/util/qktxhandler.cpp",
"function": "QKtxHandler::canRead"
},
"digest": {
"function_hash": "60956471746684524945346742045230509622",
"length": 192.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/dec1863c7dc63e5788b0c6c061d36e856a6ae2b2",
"id": "CVE-2024-25580-85c4da1f",
"target": {
"file": "src/gui/util/qktxhandler.cpp"
},
"digest": {
"line_hashes": [
"326791891951963302053498062007251604819",
"216501027714726516523260120877272770458",
"272316552540469537871419769208699747618",
"32756698102141330989931102338427760486",
"329085638427952370887499885194417094983",
"23992358934044123184146740662218759827",
"111420295665237001369063300250837057494",
"339921958229784533062656756998393974902",
"320457186581665594816885113759724029589",
"217155106427057612529695096959215002128",
"132063340904007978087212222386502296766",
"188353106039990923234557425075788070445",
"8473008348859982688628834671963097431",
"42428422552339712291675158392287383392",
"118450234344262773107008053217091128207",
"113978529423858291344594895384995680573",
"19188762913395271922019310197400478496",
"94731894940777509700646632370358911991",
"206579650303715150429769429304149393109",
"158044226728775515387637253804320166329",
"294900422571405337628917297662874063906",
"274144141498473902106102085549854312372",
"96236304093679483433446031978348595400",
"277809073397358023385567583554632736246",
"283512247336100706603413140741368060152",
"112955549893255764185096396270281853878",
"93089557951267292991403958030426040967",
"272303951869674331560001035679443752771",
"99970391310837704637120259889309993960",
"140491642941314039424598136395132568500",
"82425384615181284430715866001033073399",
"244895088819555936231521581995418052389",
"286860707805905689909930365340038990419",
"239870289400057756564903324715151891820",
"205857025933664987542535830034386165813",
"185256357155209013487235556466228204687",
"313625977436023324073035698239638724524",
"298689686129004949388916287062787044767",
"257634073108725076925535315757115026244",
"273513797962591852547449113704351648476",
"116720770702985978231634603541944901376",
"260705184382809755010022288052788629682",
"209075497822928170618318771371373013112",
"167730221265140455077897914573806345955",
"262297745719240115032485584871482723758",
"312537045819153036586834294189931422334",
"90853907946704080172202977536754825739",
"233753438766578678551593957161454133521",
"171900717941769559318162075811107177176",
"73481453844480851765101099994755109643",
"223806874672977638569733942405565929788",
"279563880410908758317228758824101779342",
"59265332618951206024076635072161489916",
"284679932794797200761486766510381587131",
"6062148158586369252781625970162716544",
"55964092935897503430526652068475996616",
"241670279024805347673473354765222283401",
"72975930225814918375803833441984993679",
"58293507839107831635187045894736830875",
"322287645065413365969281015760476821568",
"91881551019884164228114603971124350767",
"91698441258791324708047973243870805667",
"75660462155697043975284469895546951126",
"72832898569556524298313240615759476984",
"196158815946406060608327729606793116348",
"208171843212904890205401292669084500816",
"298504100938338821177903776210171852460",
"12385753637530777424050096468058906625",
"220970122788446913640296160606462900808",
"211637163825161736622392903579643335239",
"156944970459392248563646670762345293807",
"54871384128103068577648035189243511684",
"316987147565135293733267095739034607580",
"242516089558919917119599336241103995525",
"41201070085319439605240516280312037260",
"175416545714977225076087158803894547208",
"324945013111721331764264708185658314428",
"23407635790766161537621439751219680210"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/dec1863c7dc63e5788b0c6c061d36e856a6ae2b2",
"id": "CVE-2024-25580-c5e52c72",
"target": {
"file": "src/gui/util/qktxhandler.cpp",
"function": "withPadding"
},
"digest": {
"function_hash": "307336593277657630736852378315688205833",
"length": 144.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/dec1863c7dc63e5788b0c6c061d36e856a6ae2b2",
"id": "CVE-2024-25580-e66d7216",
"target": {
"file": "src/gui/util/qktxhandler.cpp",
"function": "QKtxHandler::read"
},
"digest": {
"function_hash": "2500646054964973657236404764740378148",
"length": 1996.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/qt/qtbase/commit/dec1863c7dc63e5788b0c6c061d36e856a6ae2b2",
"id": "CVE-2024-25580-f7b1a2a7",
"target": {
"file": "src/gui/util/qktxhandler_p.h"
},
"digest": {
"line_hashes": [
"153103572155014416452620909264860982546",
"293763830944613902788866577175215898927",
"135489548238572539311258804692019884127",
"15772471024379444214167190962107309446",
"270376144655553600952382251816304575273",
"229399418970970037446185672734695865297"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25580.json"