Integer Overflow in coldfunction qCUDA Affecting Multiple Versions
CVE-2025-6603

4.8 MEDIUM

Key Information:

Status
Vendor
CVE Published: 25 June 2025

What is CVE-2025-6603?

An integer overflow vulnerability exists in the qcow_make_empty function of the qCUDA product, in the file qCUDA/qcu-device/block/qcow.c. The flaw is triggered by manipulating the argument s->l1_size and can lead to unexpected behavior when exploited locally. Because the product uses a continuous delivery model, specific version details for affected or updated releases may not always be available. Users and businesses running this software should track security advisories related to this vulnerability.
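The class of flaw described above, as an added example that is not qCUDA's code: it assumes the L1 table's byte length is derived by multiplying the entry count by the 8-byte entry size into a 32-bit variable, which this page does not show. The function names and the entry cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sanity cap on L1 entries, chosen for this example only. */
#define L1_MAX_ENTRIES (1u << 24)

/* Assumed flawed pattern: count * 8 stored in 32 bits, high bits dropped. */
uint32_t l1_bytes_unchecked(int l1_size)
{
    uint64_t wide = (uint64_t)(uint32_t)l1_size * sizeof(uint64_t);
    return (uint32_t)wide;
}

/* Hardened form: reject negative, overflowing, or implausibly large counts
 * before the multiplication. Returns 0 on success, -1 on rejection. */
int l1_bytes_checked(int l1_size, uint32_t *out)
{
    if (l1_size < 0)
        return -1;                       /* sign confusion */
    if ((uint32_t)l1_size > UINT32_MAX / sizeof(uint64_t))
        return -1;                       /* product would not fit in 32 bits */
    if ((uint32_t)l1_size > L1_MAX_ENTRIES)
        return -1;                       /* policy limit (example value) */
    *out = (uint32_t)l1_size * (uint32_t)sizeof(uint64_t);
    return 0;
}

int main(void)
{
    /* Constructed sample values for l1_size, as read from an image header. */
    int samples[] = { 1024, 0x20000000, 0x20000001, -1 };
    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t len = 0;
        int rc = l1_bytes_checked(samples[i], &len);
        printf("l1_size=%d unchecked=%u checked=%s",
               samples[i], l1_bytes_unchecked(samples[i]),
               rc == 0 ? "ok" : "rejected");
        if (rc == 0)
            printf(" (%u bytes)", len);
        printf("\n");
    }
    return 0;
}
```

With the unchecked form, a count of 0x20000000 yields a length of 0, so a later clear or write of the table would cover far less than the table the count describes.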

Affected Version(s)

qCUDA db0085400c2f2011eed46fbc04fdc0873141688e

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ybdesire (VulDB User)