CVE-2025-3512 MEDIUM

CVE-2025-3512: Buffer overflow in QTextMarkdownImporter

Vendor The Qt Company
Product Qt
Weakness CWE-122
Published April 11, 2025
Last update April 25, 2025

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Passive
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear

What the vulnerability does

01 Description

There is a heap-based buffer overflow vulnerability in QTextMarkdownImporter. Triggering the overflow requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

Key dates

02 Disclosure timeline

April 11, 2025 CVE published
April 25, 2025 Record updated