Skip to main content

Ubuntu CVE-2025-5992

| EUVDEUVD-2025-21120 LOW
Improper Input Validation (CWE-20)
2025-07-11 a59d8014-47c4-4630-ab43-e1b13cbe58e3
2.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
Ubuntu
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 08:17 euvd
EUVD-2025-21120
Analysis Generated
Mar 16, 2026 - 08:17 vuln.today
CVE Published
Jul 11, 2025 - 07:15 nvd
LOW 2.3

DescriptionCVE.org

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.

Analysis

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. This is fixed in 6.8.4 and 6.9.2.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Improper Input Validation (CWE-20).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Vendor StatusVendor

Ubuntu

Priority: Medium
qt6-base
Release Status Version
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
questing needs-triage -
plucky ignored end of life, was needs-triage

Debian

Bug #1109299
qt6-base
Release Status Fixed Version Urgency
bookworm vulnerable 6.4.2+dfsg-10 -
trixie fixed 6.8.2+dfsg-9+deb13u1 -
forky, sid fixed 6.9.2+dfsg-4 -
(unstable) fixed 6.8.2+dfsg-9 -

Share

CVE-2025-5992 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy