Vulnerability Description
Loading a specially crafted ICNS format image file in QImage triggers a crash. This issue affects Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qt | Qt | >= 6.3.0, < 6.5.10 |
Related Weaknesses (CWE)
References
- https://codereview.qt-project.org/c/qt/qtimageformats/+/644548 (Patch)
- https://issues.oss-fuzz.com/issues/415350704 (Issue Tracking, Patch)
FAQ
What is CVE-2025-5683?
CVE-2025-5683 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Loading a specially crafted ICNS format image file in QImage triggers a crash. This issue affects Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. This is fix...
How severe is CVE-2025-5683?
CVE-2025-5683 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-5683?
Check the references section above for vendor advisories and patch information. Affected products include: Qt Qt.