Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8357-1 advisory.

    It was discovered that Qt Declarative did not properly validate the width and height attributes of image     tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative     to use excessive resources, leading to a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of qt5-qtdeclarative installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3101 advisory.

    Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input     vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows     Excessive Allocation.This issue affects users of the Text component in Qt Quick. Missing validation of the     width and height in the <img> tag could cause an application to become unresponsive.

    This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
    (CVE-2025-12385)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of qt5-qtbase installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3102 advisory.

    Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input     vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows     Excessive Allocation.This issue affects users of the Text component in Qt Quick. Missing validation of the     width and height in the <img> tag could cause an application to become unresponsive.

    This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
    (CVE-2025-12385)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-62d125612b advisory.

    CVE-2025-12385: Fix improper validation of img tag size in Text component parser



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input     vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows     Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of     the width and height in the <img> tag could cause an application to become unresponsive. This issue     affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
    (CVE-2025-12385)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
320480	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Qt Declarative vulnerability (USN-8357-1)	Nessus	Ubuntu Local Security Checks	high
281824	Amazon Linux 2 : qt5-qtdeclarative, --advisory ALAS2-2025-3101 (ALAS-2025-3101)	Nessus	Amazon Linux Local Security Checks	high
281780	Amazon Linux 2 : qt5-qtbase, --advisory ALAS2-2025-3102 (ALAS-2025-3102)	Nessus	Amazon Linux Local Security Checks	high
278738	Fedora 42 : qt6-qtdeclarative (2025-62d125612b)	Nessus	Fedora Local Security Checks	high
277564	Linux Distros Unpatched Vulnerability : CVE-2025-12385	Nessus	Misc.	high

Detections

Analytics

CVE-2025-12385

high

Tenable Plugins

high

high

high

high

high