CVE-2025-12385

Publication date 3 December 2025

Last updated 19 January 2026

Ubuntu priority

Medium

Why this priority?

Description

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Status

Package Ubuntu Release Status
qt6-declarative 25.10 questing
Vulnerable
25.04 plucky Ignored end of life, was needs-triage
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable
qtdeclarative-opensource-src 25.10 questing
Vulnerable
25.04 plucky Ignored end of life, was needs-triage
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable
20.04 LTS focal
Vulnerable
18.04 LTS bionic
Vulnerable
16.04 LTS xenial
Vulnerable
qtdeclarative-opensource-src-gles 25.10 questing
Vulnerable
25.04 plucky Ignored end of life, was needs-triage
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable
20.04 LTS focal
Vulnerable
16.04 LTS xenial
Vulnerable

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
qt6-declarative
qtdeclarative-opensource-src
qtdeclarative-opensource-src-gles

References

Other references

Access our resources on patching vulnerabilities