Fluid Attacks Database

Description

There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	qt6-base	>=0 <6.8.2+dfsg-6	6.8.2+dfsg-6
debian 14	qt6-base	>=0 <6.8.2+dfsg-6	6.8.2+dfsg-6
rpm rhel10	qt6	-	-

Aliases

1. CVE-2025-35122. NVD-2025-35123. OSV-DEBIAN-2025-35124. OSV-2025-35125. SECURITY-TRACKER-CVE-2025-3512

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.