CVE-2025-3512

medium

Description

There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

References

https://codereview.qt-project.org/c/qt/qtbase/+/635546

http://www.openwall.com/lists/oss-security/2025/04/25/2

http://www.openwall.com/lists/oss-security/2025/04/25/1

http://www.openwall.com/lists/oss-security/2025/04/24/6

http://www.openwall.com/lists/oss-security/2025/04/24/5

http://www.openwall.com/lists/oss-security/2025/04/24/4

Details

Source: Mitre, NVD

Published: 2025-04-11

Updated: 2025-04-25

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00014