DEBIAN-CVE-2025-12385
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-12385
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-12385.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-12385
- Upstream
- Published
- 2025-12-03T20:16:24.170Z
- Modified
- 2026-03-17T02:51:03.343975Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
- References
Affected packages
Debian:11
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.15.2+dfsg-6
5.15.2+dfsg-7
5.15.2+dfsg-8
5.15.2+dfsg-9
5.15.2+dfsg-10
5.15.3+dfsg-1
5.15.4+dfsg-1
5.15.4+dfsg-2
5.15.4+dfsg-3
5.15.4+dfsg-4
5.15.4+dfsg-4+m68k
5.15.5+dfsg-1
5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.6+dfsg-2+m68k
5.15.7+dfsg-1
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.8+dfsg-2
5.15.8+dfsg-2+m68k
5.15.8+dfsg-3
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-2+m68k
5.15.10+dfsg-2+m68k.1
5.15.11+dfsg-1
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-2+hurd.1
5.15.13+dfsg-2+loong64
5.15.13+dfsg-2+m68k
5.15.15+dfsg-1
5.15.15+dfsg-2
5.15.15+dfsg-2+hurd.1
5.15.15+dfsg-3
5.15.15+dfsg-3+m68k
5.15.16+dfsg-1
5.15.17+dfsg-1
5.15.17+dfsg-2
5.15.17+dfsg-2+hurd.1
5.15.17+dfsg-3
5.15.17+dfsg-4
5.15.18+dfsg-1
5.15.18+dfsg-2
qtdeclarative-opensource-src-gles
Package
- Name
- qtdeclarative-opensource-src-gles
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src-gles?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.15.2+dfsg-2
5.15.2+dfsg-3
5.15.3+dfsg-1
5.15.4+dfsg-1
5.15.4+dfsg-2
5.15.5+dfsg-1
5.15.6+dfsg-1
5.15.6+dfsg-2
5.15.7+dfsg-1
5.15.7+dfsg-2
5.15.8+dfsg-1
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-3
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-3
5.15.15+dfsg-1
5.15.15+dfsg-2
5.15.17+dfsg-1
5.15.17+dfsg-2
5.15.18+dfsg-1
Debian:12
qt6-declarative
Package
- Name
- qt6-declarative
- Purl
- pkg:deb/debian/qt6-declarative?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.4.2+dfsg-1
6.4.2+dfsg-2
6.4.2+dfsg-3
6.4.2+dfsg-4
6.6.0+dfsg-1
6.6.0+dfsg-2
6.6.0+dfsg-3
6.6.1+dfsg-1
6.6.1+dfsg-2
6.6.1+dfsg-3
6.6.2+dfsg-1
6.6.2+dfsg-2
6.6.2+dfsg-3
6.6.2+dfsg-4
6.6.2+dfsg-4+hurd.1
6.7.2+dfsg-1
6.7.2+dfsg-2
6.7.2+dfsg-3
6.7.2+dfsg-4
6.7.2+dfsg-5
6.7.2+dfsg-6
6.7.2+dfsg-7
6.7.2+dfsg-8
6.7.2+dfsg-9
6.7.2+dfsg-10
6.7.2+dfsg-10+hurd.1
6.7.2+dfsg-11
6.8.2+dfsg-1
6.8.2+dfsg-2
6.8.2+dfsg-3
6.8.2+dfsg-4
6.8.2+dfsg-5
6.8.2+dfsg-6
6.8.2+dfsg-6+alpha
6.8.2+dfsg-6+hurd.1
6.8.2+dfsg-7
6.8.2+dfsg-7+m68k
6.9.1+dfsg-1
6.9.1+dfsg-2
6.9.2+dfsg-1
6.9.2+dfsg-2
6.9.2+dfsg-3
6.9.2+dfsg-4
6.9.2+dfsg-5
6.9.2+dfsg-6
6.10.2+dfsg-1
6.10.2+dfsg-2
6.10.2+dfsg-3
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.15.8+dfsg-3
5.15.9+dfsg-1
5.15.10+dfsg-1
5.15.10+dfsg-2
5.15.10+dfsg-2+m68k
5.15.10+dfsg-2+m68k.1
5.15.11+dfsg-1
5.15.12+dfsg-1
5.15.13+dfsg-1
5.15.13+dfsg-2
5.15.13+dfsg-2+hurd.1
5.15.13+dfsg-2+loong64
5.15.13+dfsg-2+m68k
5.15.15+dfsg-1
5.15.15+dfsg-2
5.15.15+dfsg-2+hurd.1
5.15.15+dfsg-3
5.15.15+dfsg-3+m68k
5.15.16+dfsg-1
5.15.17+dfsg-1
5.15.17+dfsg-2
5.15.17+dfsg-2+hurd.1
5.15.17+dfsg-3
5.15.17+dfsg-4
5.15.18+dfsg-1
5.15.18+dfsg-2
qtdeclarative-opensource-src-gles
Package
- Name
- qtdeclarative-opensource-src-gles
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src-gles?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13
qt6-declarative
Package
- Name
- qt6-declarative
- Purl
- pkg:deb/debian/qt6-declarative?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14
qt6-declarative
Package
- Name
- qt6-declarative
- Purl
- pkg:deb/debian/qt6-declarative?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
qtdeclarative-opensource-src
Package
- Name
- qtdeclarative-opensource-src
- Purl
- pkg:deb/debian/qtdeclarative-opensource-src?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.15.17+dfsg-4