Primary

Context

Qt ICNS Image Handling Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Qt versions 6.3.0 prior to 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. The issue arises when a specially crafted ICNS format image file is loaded using QImage, leading to a crash. This vulnerability was introduced in a regression and can be reproduced with a fuzzing tool.

Impact

Exploitation of this vulnerability causes a crash, disrupting the application's normal operation.

Reproduction

The vulnerability can be reproduced by loading a crafted ICNS image file into a Qt application that uses the QImage class to process image data. This can be done using a fuzzing engine like libFuzzer, which has been verified to trigger the crash.

Remediation

Users can upgrade to Qt versions 6.5.10, 6.8.5, or 6.9.1 to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qt ICNS Image Handling Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Qt

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating