Hi,

When passing values outside of the expected range to QColorTransferGenericFunction, it can cause a denial of service. For example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.

This has been assigned the CVE id CVE-2025-5992.

Affected versions: Qt from 6.8.0 through 6.8.3, from 6.9.0 through 6.9.1.

Vulnerability Score: CVSS v4.0: 2.3

Solution: As a workaround, if you are loading ICC profiles then ensure that you are doing so from a trusted source.

Alternatively, you can apply the appropriate patch for your Qt version:

6.9: https://download.qt.io/official_releases/qt/6.9/CVE-2025-5992-qtbase-6.9.patch or https://codereview.qt-project.org/c/qt/qtbase/+/657023

6.8: https://download.qt.io/official_releases/qt/6.8/CVE-2025-5992-qtbase-6.8.patch or https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/657094

Kind regards,
Andy

--
Andy Shaw, Director, Customer Services - SQS
The Qt Company
Confidential