CVE-2024-25580
Published: 27 March 2024
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
Priority
Status
Package | Release | Status |
---|---|---|
qt6-base (Launchpad, Ubuntu, Debian) | bionic | Does not exist |
qt6-base | focal | Does not exist |
qt6-base | jammy | Needs triage |
qt6-base | mantic | Needs triage |
qt6-base | noble | Needs triage |
qt6-base | trusty | Does not exist |
qt6-base | upstream | Needs triage |
qt6-base | xenial | Does not exist |
qtbase-opensource-src (Launchpad, Ubuntu, Debian) | bionic | Needs triage |
qtbase-opensource-src | focal | Needs triage |
qtbase-opensource-src | jammy | Needs triage |
qtbase-opensource-src | mantic | Needs triage |
qtbase-opensource-src | noble | Needs triage |
qtbase-opensource-src | trusty | Ignored (end of standard support) |
qtbase-opensource-src | upstream | Released (5.15.10+dfsg-7) |
qtbase-opensource-src | xenial | Needs triage |
qtbase-opensource-src-gles (Launchpad, Ubuntu, Debian) | bionic | Does not exist |
qtbase-opensource-src-gles | focal | Needs triage |
qtbase-opensource-src-gles | jammy | Needs triage |
qtbase-opensource-src-gles | mantic | Needs triage |
qtbase-opensource-src-gles | noble | Needs triage |
qtbase-opensource-src-gles | trusty | Does not exist |
qtbase-opensource-src-gles | upstream | Needs triage |
qtbase-opensource-src-gles | xenial | Needs triage |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2264423
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3df703c72e057519
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (v6.6.2)
- https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff
- https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images
- https://www.cve.org/CVERecord?id=CVE-2024-25580
- NVD
- Launchpad
- Debian