CVE-2025-30348

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-30348
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30348.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-30348
Downstream
Related
Published
2025-03-21T07:15:37Z
Modified
2025-10-26T03:33:40Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

References

Affected packages

Git / github.com/qt/qt5

Affected ranges

Type
GIT
Repo
https://github.com/qt/qt5
Events
Introduced
244fc454356bc9fb31a30692b8645cbfd91dc52c
Fixed
0c20a491c1fbf6439d81c073eaff268ed4bf2c32

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
33f5e985e480283bb0ca9dea5f82643e825ba87c
Fixed
b839e9b36db3a4e50dfb34521d8ef8de1fd01969

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/qt/qtbase/commit/b839e9b36db3a4e50dfb34521d8ef8de1fd01969",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/plugins/platforms/xcb/qxcbconnection_xi2.cpp"
        },
        "id": "CVE-2025-30348-3387b664",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "186437067158102252161693471244145294825",
                "3196199820127236270099018690354558797",
                "47997565004052804185765343122804018581",
                "133223339775979550669513204200982099832",
                "215248008059573220354593739995950083528",
                "242082338380507763625236354403237414048",
                "274176504526971260123275701533881022635",
                "166318677867842499487773236127259450651",
                "260555826946734512716144602056618812145",
                "198772433461357254702211884777351659122",
                "43972114743790367040762895711697984362",
                "132225601860409790534449360436511076507",
                "331079889931794070452944818679721746592",
                "156150653617215451977240218356227363351",
                "142059269620376547036213094689315360947",
                "77446894632981789070618029256269329354",
                "3487330042488377054378778289724577096",
                "211156414955031303194966468446069265971",
                "266199739061057984664747524956402930804",
                "169519564995396841249030496739776237558",
                "190326620526125022592905246920451650604",
                "54910059050309305348820244808323240232",
                "142243356195079619437737713185851715108",
                "28845740470922295595307212544250796112",
                "104830449083243186251037488373273965642",
                "325105661548474963556349210219840572472",
                "16261457570594981729183514393361220107",
                "271925461758865695018753733831661774097",
                "274045226307217007638540803186004211052",
                "53016057455443441865790794240103140362",
                "182487081210814464797658304479619598745",
                "193229981412344220281683413746870285842",
                "90766330304832420819051431642238659500",
                "246092940109426696683072181473718902201",
                "241168987195559612387351016498109200410",
                "118807844307338398672677576905960634968",
                "280490774264171064970996240740036083472",
                "163524962833714259614084175077185934587",
                "275801128495452395554803322431819296221",
                "268861500889216783713910546288720131962",
                "17823814562945381299078885655198898769",
                "121444329927184806420645554764891604316",
                "26152585875614594471220570071829327585",
                "37387130237528448366157407219072287814",
                "160220435066399737443064727030150053586",
                "160756624179860473503590243415830851649",
                "329279513164500866950812007773583281383",
                "319923387346242044560603357633623314302",
                "103209424630052724898382052798978472741",
                "293763653661176143166878523162159791153",
                "153691282336165796777747355757055921221",
                "324567730886908699054152655830379881833",
                "308366735799095499429035485957558214611",
                "226348280788333818895875349555907368073",
                "241360939202176447439502357080794583161",
                "26541165920698692706770126967969127460",
                "64412574518962137602246272457422067212",
                "164391643060976851825799775542248492345",
                "318629159256435062598677653517002784315",
                "239665845667611618158279571445413033325",
                "179154556963248471405557515301028883335",
                "93621135868896521628755850641473149725",
                "31546403350842482761282433534844383838",
                "104837492282028146096205337184655783627",
                "293949540968280903538352693917672011553",
                "38520217661736754106531634581505327446",
                "181985767053677424333914772935533327137",
                "44673159693779174397196778376113787553",
                "212739627722244020503687701500736291917",
                "91288595438692235345610463836839995746",
                "162658431482416018085096252822455071659",
                "219291947754546636415382781469371172229",
                "70640994377933503461668631001630293906",
                "85491198788614232907451833453662140269",
                "124922189203366688638534523558952401864",
                "300188996986189049052518162196875497432"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/qt/qtbase/commit/b839e9b36db3a4e50dfb34521d8ef8de1fd01969",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "QXcbConnection::xi2HandleEvent",
            "file": "src/plugins/platforms/xcb/qxcbconnection_xi2.cpp"
        },
        "id": "CVE-2025-30348-33fd7df1",
        "digest": {
            "length": 3486.0,
            "function_hash": "287416053021551086829586509388387870719"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/qt/qtbase/commit/b839e9b36db3a4e50dfb34521d8ef8de1fd01969",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "isDuplicateEvent",
            "file": "src/plugins/platforms/xcb/qxcbconnection_xi2.cpp"
        },
        "id": "CVE-2025-30348-8325a09f",
        "digest": {
            "length": 815.0,
            "function_hash": "23149984391810061764221525553670658053"
        },
        "signature_type": "Function"
    }
]