TencentOS Server 4: qt5-qtbase (TSSA-2025:0509)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0509 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Fedora 42 : qt5-qtbase (2025-c50e4dfd3b)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c50e4dfd3b advisory. Fix CVE-2025-5455 - QtCore Assertion Failure Denial of Service Tenable has extracted the preceding description block directly from the Fedora securi...

ROS-20251030-10

A vulnerability in the qDecodeDataUrl function of the QtCore module of the Qt cross-platform development framework Qt software development framework is related to insufficient input data validation when processing the parameter charset. Exploitation of the vulnerability could allow an attacker...

AlmaLinux 10 : qt6-qtbase (ALSA-2025:9486)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9486 advisory. qt5: qt6: QtCore Assertion Failure Denial of Service CVE-2025-5455 Tenable has extracted the preceding description block directly from the AlmaLinux security...

qt5-qtbase security update

An update is available for qt5-qtbase. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Qt is a software toolkit for developing applications. The qt5-base package...

RLSA-2025:9486 Moderate: qt6-qtbase security update

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. Security Fixes: qt5: qt6: QtCore Assertion Failure Denial of Service CVE-2025-5455 For more details about the security issues, including the impact, a CVSS score,...

Advisory ROSA-SA-2025-2983

software: qt6-qtbase 6.8.3 OS: ROSA-CHROME unaffected versions = qt6-qtbase-6.8.3-3 affected versions qt6-qtbase-6.8.3-3 CVE-ID: CVE-2025-5455 BDU-ID: 2025-06498 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the qDecodeDataUrl function of the QtCore module of the QtCore cross-platform software...

qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service

A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled...

qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service

A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled...

OESA-2025-1655 qt6-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that...

OESA-2025-1654 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that...

AZL-64349 CVE-2025-5455 affecting package qtbase for versions less than 6.6.3-4

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...

DEBIAN-CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...