Heap-based Buffer Overflow in Qt's QTextMarkdownImporter Affects Multiple Versions
CVE-2025-3512

4.8MEDIUM

Key Information:

Vendor: The Qt Company
Status: Qt
Vendor: CVE Published:; 11 April 2025

🔔 Create The Qt Company Vulnerability Alert

What is CVE-2025-3512?

A Heap-based Buffer Overflow vulnerability exists in QTextMarkdownImporter, which can be exploited by passing an incorrectly formatted markdown file to the importer. This could lead to unexpected behavior or code execution. The affected versions are Qt 6.8.0 to 6.8.4, with versions prior to 6.6.0 remaining unaffected. Users are advised to upgrade to Qt 6.8.4 or later to mitigate the risk.

Affected Version(s)

Qt 6.8.0 < 6.8.4

Qt 0 < 6.6.0

Qt 6.8.4

References

https://codereview.qt-project.org/c/qt/qtbase/+/635546

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Apr 11, 2025

Credit

oss-fuzz