{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5992", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "state": "PUBLISHED", "assignerShortName": "TQtC", "dateReserved": "2025-06-11T06:08:27.335Z", "datePublished": "2025-07-11T06:45:15.082Z", "dateUpdated": "2025-07-11T13:21:43.156Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Qt", "vendor": "The Qt Company", "versions": [{"lessThan": "6.6.0", "status": "unaffected", "version": "6.0.0", "versionType": "python"}, {"lessThanOrEqual": "6.8.3", "status": "affected", "version": "6.6.0", "versionType": "python"}, {"lessThanOrEqual": "6.8.3", "status": "unaffected", "version": "6.8.4", "versionType": "python"}, {"lessThanOrEqual": "6.9.1", "status": "affected", "version": "6.9.0", "versionType": "python"}, {"lessThanOrEqual": "6.9.1", "status": "unaffected", "version": "6.9.2", "versionType": "python"}]}], "credits": [{"lang": "en", "type": "finder", "value": "OSS-Fuzz"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.<p>This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.</p>"}], "value": "When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 2.3, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2025-07-11T06:45:15.082Z"}, "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/647919"}], "source": {"discovery": "EXTERNAL"}, "title": "Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T13:21:38.235576Z", "id": "CVE-2025-5992", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T13:21:43.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5992", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-11T13:21:38.235576Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T13:21:40.169Z"}}], "cna": {"title": "Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "OSS-Fuzz"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Qt Company", "product": "Qt", "versions": [{"status": "unaffected", "version": "6.0.0", "lessThan": "6.6.0", "versionType": "python"}, {"status": "affected", "version": "6.6.0", "versionType": "python", "lessThanOrEqual": "6.8.3"}, {"status": "unaffected", "version": "6.8.4", "versionType": "python", "lessThanOrEqual": "6.8.3"}, {"status": "affected", "version": "6.9.0", "versionType": "python", "lessThanOrEqual": "6.9.1"}, {"status": "unaffected", "version": "6.9.2", "versionType": "python", "lessThanOrEqual": "6.9.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/647919"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.", "supportingMedia": [{"type": "text/html", "value": "When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.<p>This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2025-07-11T06:45:15.082Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5992", "state": "PUBLISHED", "dateUpdated": "2025-07-11T13:21:43.156Z", "dateReserved": "2025-06-11T06:08:27.335Z", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "datePublished": "2025-07-11T06:45:15.082Z", "assignerShortName": "TQtC"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2."}, {"lang": "es", "value": "Al pasar valores fuera del rango esperado a QColorTransferGenericFunction, se puede producir una denegaci\u00f3n de servicio; por ejemplo, esto puede ocurrir al pasar un perfil ICC espec\u00edficamente manipulado a QColorSpace::fromICCProfile. Este problema afecta a Qt desde la versi\u00f3n 6.6.0 hasta la 6.8.3 y desde la 6.9.0 hasta la 6.9.1. Se ha corregido en las versiones 6.8.4 y 6.9.2."}], "id": "CVE-2025-5992", "lastModified": "2025-07-15T13:14:49.980", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}]}, "published": "2025-07-11T07:15:25.207", "references": [{"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/647919"}], "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}]}

{"bugzilla": {"description": "qt6: Qt6 denial of service", "id": "2379493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379493"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-20", "details": ["A denial of service flaw has been discovered in the Qt library. A call to `QColorTransferGenericFunction` may cause a crash if passed a maliciously crafted ICC profile."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-5992", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "qt6", "product_name": "Red Hat Enterprise Linux 10"}], "public_date": "2025-07-11T06:45:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-5992\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-5992\nhttps://codereview.qt-project.org/c/qt/qtbase/+/647919"], "threat_severity": "Low"}