Skip to main content

Ubuntu CVE-2025-12385

| EUVDEUVD-2025-201103 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2025-12-03 a59d8014-47c4-4630-ab43-e1b13cbe58e3
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Ubuntu
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 16:14 euvd
EUVD-2025-201103
Analysis Generated
Mar 15, 2026 - 16:14 vuln.today
CVE Published
Dec 03, 2025 - 20:16 nvd
HIGH 8.7

DescriptionCVE.org

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.

This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Analysis

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.

This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Allocation of Resources Without Limits or Throttling (CWE-770).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

CVE-2015-3105 CRITICAL POC
10.0 Jun 10

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466

CVE-2015-3864 CRITICAL POC
10.0 Oct 01

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A

CVE-2013-4710 CRITICAL POC
9.3 Mar 03

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp

CVE-2015-1538 CRITICAL POC
10.0 Oct 01

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android bef

CVE-2024-21633 HIGH POC
7.8 Jan 03

Apktool versions 2.9.1 and prior contain a path traversal vulnerability when processing Android APK files. Malicious APK

CVE-2017-13156 HIGH POC
7.8 Dec 06

An elevation of privilege vulnerability in the Android system (art). Rated high severity (CVSS 7.8), this vulnerability

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-3106 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2015-3107 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2013-4787 CRITICAL POC
9.3 Jul 09

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows

CVE-2014-7911 HIGH
7.2 Dec 15

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.

CVE-2016-0801 CRITICAL POC
9.8 Feb 07

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01

Vendor StatusVendor

Ubuntu

Priority: Medium
qt6-declarative
Release Status Version
plucky ignored end of life, was needs-triage
jammy needed -
noble needed -
questing needed -
upstream released -
qtdeclarative-opensource-src
Release Status Version
plucky ignored end of life, was needs-triage
bionic needed -
focal needed -
jammy needed -
noble needed -
questing needed -
upstream released 5.15.17+dfsg-4
xenial needed -
qtdeclarative-opensource-src-gles
Release Status Version
plucky ignored end of life, was needs-triage
focal needed -
jammy needed -
noble needed -
questing needed -
upstream released -
xenial needed -

Debian

Bug #1122054
qt6-declarative
Release Status Fixed Version Urgency
bookworm vulnerable 6.4.2+dfsg-1 -
trixie vulnerable 6.8.2+dfsg-7 -
forky, sid vulnerable 6.9.2+dfsg-6 -
(unstable) fixed (unfixed) -
qtdeclarative-opensource-src
Release Status Fixed Version Urgency
bullseye vulnerable 5.15.2+dfsg-6 -
bookworm vulnerable 5.15.8+dfsg-3 -
trixie vulnerable 5.15.15+dfsg-3 -
forky, sid fixed 5.15.17+dfsg-4 -
(unstable) fixed 5.15.17+dfsg-4 -
qtdeclarative-opensource-src-gles
Release Status Fixed Version Urgency
bullseye vulnerable 5.15.2+dfsg-2 -
bookworm vulnerable 5.15.8+dfsg-1 -
trixie vulnerable 5.15.15+dfsg-2 -
forky, sid vulnerable 5.15.17+dfsg-2 -
experimental fixed 5.15.18+dfsg-1 -
(unstable) fixed (unfixed) -

Share

CVE-2025-12385 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy