CVE-2025-5992 LOW

CVE-2025-5992: Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service

Vendor The Qt Company

Product Qt

Weakness CWE-20 · Input validation

Published July 11, 2025

Last update July 11, 2025

View on NVD All CVEs

CVSS base score

2.3/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

What the vulnerability does

01Description

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.

Key dates

02Disclosure timeline

July 11, 2025 CVE published

July 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5992 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2025-5992

CWE CWE-20

CVSS 2.3 / LOW

Affected versions

Vendor The Qt Company

Product Qt

Affected ≥ 6.6.0 and ≤ 6.8.3

Vendor The Qt Company

Product Qt

Affected ≥ 6.9.0 and ≤ 6.9.1

CVE-2025-5992: Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of service

01Description

02Disclosure timeline

03References

04Related CVE