Subnavigation

Security advisory: Recently reported denial of service issue in QColorTransferGenericFunction impacts Qt

July 11, 2025 by Andy Shaw | Comments

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.

This has been assigned the CVE id CVE-2025-5992.


 

 

Affected versions: Qt from 6.8.0 through 6.8.3, from 6.9.0 through 6.9.1.

Vulnerability Score: CVSS v4.0: 2.3

Solution:  As a workaround if you are loading ICC profiles then ensure that you are doing so from a trusted source. Alternatively, you can apply the appropriate patch for your Qt version:

6.9: https://download.qt.io/official_releases/qt/6.9/CVE-2025-5992-qtbase-6.9.patch or https://codereview.qt-project.org/c/qt/qtbase/+/657023
6.8: https://download.qt.io/official_releases/qt/6.8/CVE-2025-5992-qtbase-6.8.patch or https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/657094

 
Blog Topics:

Comments

Subscribe to our newsletter

Subscribe Newsletter

Try Qt 6.10 Now!

Download the latest release here: www.qt.io/download.

Qt 6.10 is now available, with new features and improvements for application developers and device creators.

We're Hiring

Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.

Read Next

Dec 3, 2025

Security advisory: Improper validation of img tag size in Text component parser in Qt declarative module impacts Qt

Improper Validation of Specified Quantity in Input vulnerability in Text..

Read Article

Oct 3, 2025

Security advisory: Uncontrolled Recursion and Use-After-Free vulnerabilities in Qt SVG module impact Qt

Two vulnerabilities in Qt SVG module have been discovered. Uncontrolled..

Read Article

Sep 26, 2025

Qt Jenny 1.0 Released

Have you heard about Jenny? No, I do not mean, the girl next door, nor the..

Read Article