How to fix CVE-2025-5683?

Within 30 days: Identify affected systems running QImage then it will trigger a crash. This issue affects Qt f and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Ubuntu affected by CVE-2025-5683?

Organizations using QImage then it will trigger a crash. This issue affects Qt from should be aware of moderate risk from CVE-2025-5683 rated CVSS 5.5. Exploitation could compromise the security of affected deployments.

CVE-2025-5683

EUVD-2025-16968 MEDIUM

2025-06-05 a59d8014-47c4-4630-ab43-e1b13cbe58e3

5.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:53 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:53 euvd

EUVD-2025-16968

Patch Released

Mar 14, 2026 - 17:53 nvd

Patch available

CVE Published

Jun 05, 2025 - 06:15 nvd

MEDIUM 5.5

Description

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.

Analysis

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Allocation of Resources Without Limits or Throttling (CWE-770).

Affected Products

Affected products: Qt Qt

Remediation

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +28

POC: 0

Vendor Status

Ubuntu

Priority: Medium

qt6-imageformats

Release	Status	Version
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
plucky	ignored	end of life, was needs-triage
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

qtimageformats-opensource-src

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
plucky	ignored	end of life, was needs-triage
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1107317

qt6-imageformats

Release	Status	Fixed Version	Urgency
bookworm	vulnerable	6.4.2-1	-
trixie	fixed	6.8.2-4	-
forky, sid	fixed	6.9.2-3	-
(unstable)	fixed	6.8.2-4	-

qtimageformats-opensource-src

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	5.15.2-2	-
bookworm	vulnerable	5.15.8-2	-
trixie	fixed	5.15.15-4	-
forky, sid	fixed	5.15.17-2	-
(unstable)	fixed	5.15.15-4	-

CVE-2025-5683 vulnerability details – vuln.today

Back

CVE-2025-5683

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-5683

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code