OSV-2025-256

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2025-256.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-256
Published
2025-04-05T00:02:36.742745Z
Modified
2025-04-05T00:02:36.743233Z
Summary
Global-buffer-overflow in QByteArray::QByteArray
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=408025086

Crash type: Global-buffer-overflow READ 15
Crash state:
QByteArray::QByteArray
KZip::openArchive
KArchive::open
References

Affected packages

OSS-Fuzz / kimageformats

Package

Name
kimageformats
Purl
pkg:generic/kimageformats

Affected ranges

Type
GIT
Repo
https://invent.kde.org/frameworks/kimageformats.git
Events
Introduced
6f588c6fd3b4345e5d697b4a3b28e7ea70576ead
Fixed
e3aefd2aa1f9be6598b24d118d7b90e9931b5172

Affected versions

v6.*

v6.13.0
v6.13.0-rc1
v6.14.0
v6.14.0-rc1

Ecosystem specific 

{
    "severity": null
}

Database specific 

{
    "fixed_range": "15bece40ec7fb038636ebbc4ff0fd74e84f7d73e:e3aefd2aa1f9be6598b24d118d7b90e9931b5172"
}