CVE-2025-3512

There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

CVSS

No CVSS.

References

Link	Resource
https://codereview.qt-project.org/c/qt/qtbase/+/635546
http://www.openwall.com/lists/oss-security/2025/04/24/4
http://www.openwall.com/lists/oss-security/2025/04/24/5
http://www.openwall.com/lists/oss-security/2025/04/24/6
http://www.openwall.com/lists/oss-security/2025/04/25/1
http://www.openwall.com/lists/oss-security/2025/04/25/2

Configurations

No configuration.

History

25 Apr 2025, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/04/25/2 -

25 Apr 2025, 02:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/04/25/1 -

24 Apr 2025, 21:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/04/24/5 - () http://www.openwall.com/lists/oss-security/2025/04/24/6 -

24 Apr 2025, 20:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/04/24/4 -

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de desbordamiento de búfer basada en montón en QTextMarkdownImporter. Esto requiere que se pase un archivo Markdown con formato incorrecto a QTextMarkdownImporter para activar el desbordamiento. Este problema afecta a Qt desde 6.8.0 hasta 6.8.4. Se sabe que las versiones hasta la 6.6.0 no se ven afectadas y la solución está en la versión 6.8.4 y posteriores.

11 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-11 08:15

Updated : 2025-04-25 18:15

NVD link : CVE-2025-3512

Mitre link : CVE-2025-3512

CVE.ORG link : CVE-2025-3512

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2025-3512", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-11T08:15:15.797", "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/635546", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/24/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/24/5", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/24/6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/25/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/25/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later."}, {"lang": "es", "value": " Existe una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en QTextMarkdownImporter. Esto requiere que se pase un archivo Markdown con formato incorrecto a QTextMarkdownImporter para activar el desbordamiento. Este problema afecta a Qt desde 6.8.0 hasta 6.8.4. Se sabe que las versiones hasta la 6.6.0 no se ven afectadas y la soluci\u00f3n est\u00e1 en la versi\u00f3n 6.8.4 y posteriores."}], "lastModified": "2025-04-25T18:15:26.103", "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3"}