Improper validation of tag size in Text component parser

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.
This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.

This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

AI Analysis

Improper validation of image tag size in Text component parser allows excessive allocation, potentially causing an application to become unresponsive.

Basic Information

ID CVE-2025-12385

Source TQtC

Published Dec 3, 2025 at 19:38

Modified Dec 3, 2025 at 21:46

Affected Product

Vendor The Qt Company

Product Qt

Version 5.0.0

Affected Versions The Qt Company Qt 5.0.0
The Qt Company Qt 6.6.0
The Qt Company Qt 6.9.0

CWE Classification

CWE-770 CWE-1284

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor The Qt Company

Product Qt

Version 5.0.0, 6.5.10, 6.6.0, 6.8.5, 6.9.0, 6.10.0

References

{
    "lastseen": "",
    "description": "Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\nThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.\n\nThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.",
    "published": "2025-12-03T19:38:53.130Z",
    "modified": "2025-12-03T21:46:42.476Z",
    "type": "cve",
    "title": "Improper validation of <img> tag size in Text component parser",
    "source": "TQtC",
    "references": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239\nhttps://codereview.qt-project.org/c/qt/qtdeclarative/+/687766",
    "id": "CVE-2025-12385",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770",
        "CWE-1284"
    ],
    "cvelist": null,
    "sourceData": "The Qt Company Qt 5.0.0\nThe Qt Company Qt 6.6.0\nThe Qt Company Qt 6.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Qt",
    "version": "5.0.0",
    "vendor": "The Qt Company",
    "ai_description": "Improper validation of image tag size in Text component parser allows excessive allocation, potentially causing an application to become unresponsive.",
    "ai_severity": "High",
    "ai_vendor": "The Qt Company",
    "ai_product": "Qt",
    "ai_version": "5.0.0, 6.5.10, 6.6.0, 6.8.5, 6.9.0, 6.10.0",
    "ai_score": 8.7
}

Improper validation of tag size in Text component parser_CVE-2025-12385