CVE-2025-12385

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

CVSS

No CVSS.

References

Link	Resource
https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239
https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766

Configurations

No configuration.

History

03 Dec 2025, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-03 20:16

Updated : 2025-12-03 20:16

NVD link : CVE-2025-12385

Mitre link : CVE-2025-12385

CVE.ORG link : CVE-2025-12385

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2025-12385", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-03T20:16:24.170", "references": [{"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3"}, {"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "description": [{"lang": "en", "value": "CWE-770"}, {"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\nThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.\n\nThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0."}], "lastModified": "2025-12-03T20:16:24.170", "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3"}