Fluid Attacks Database

Description

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	qt6-imageformats	>=0 <6.8.2-4	6.8.2-4
debian 12	qt6-imageformats	=6.10.2-1 \|\| =6.10.2-2 \|\| =6.4.2-1 \|\| =6.4.2-2 \|\| =6.4.2-3 \|\| =6.4.2-4 \|\| =6.4.2-5 \|\| =6.6.0-1 \|\| =6.6.1-1 \|\| =6.6.2-1 \|\| =6.6.2-2 \|\| =6.7.2-1 \|\| =6.7.2-2 \|\| =6.8.2-1 \|\| =6.8.2-2 \|\| =6.8.2-3 \|\| =6.8.2-4 \|\| =6.9.1-1 \|\| =6.9.1-2 \|\| =6.9.2-1 \|\| =6.9.2-2 \|\| =6.9.2-3	-
debian 13	qt6-imageformats	>=0 <6.8.2-4	6.8.2-4
debian 11	qtimageformats-opensource-src	=5.15.10-1 \|\| =5.15.10-2 \|\| =5.15.12-1 \|\| =5.15.13-1 \|\| =5.15.13-2 \|\| =5.15.15-1 \|\| =5.15.15-2 \|\| =5.15.15-3 \|\| =5.15.15-4 \|\| =5.15.17-1 \|\| =5.15.17-2 \|\| =5.15.18-1 \|\| =5.15.2-2 \|\| =5.15.3-1 \|\| =5.15.4-1 \|\| =5.15.4-2 \|\| =5.15.5-1 \|\| =5.15.6-1 \|\| =5.15.6-2 \|\| =5.15.7-1 \|\| =5.15.7-2 \|\| =5.15.7-3 \|\| =5.15.8-1 \|\| =5.15.8-2 \|\| =5.15.9-1	-
debian 12	qtimageformats-opensource-src	=5.15.10-1 \|\| =5.15.10-2 \|\| =5.15.12-1 \|\| =5.15.13-1 \|\| =5.15.13-2 \|\| =5.15.15-1 \|\| =5.15.15-2 \|\| =5.15.15-3 \|\| =5.15.15-4 \|\| =5.15.17-1 \|\| =5.15.17-2 \|\| =5.15.18-1 \|\| =5.15.8-2 \|\| =5.15.9-1	-
debian 13	qtimageformats-opensource-src	>=0 <5.15.15-4	5.15.15-4
debian 14	qtimageformats-opensource-src	>=0 <5.15.15-4	5.15.15-4
rpm rhel9	qt5	-	-
rpm rhel6	qt3	-	-
rpm rhel6	qt	-	-

1-10 of 14

Aliases

1. CVE-2025-56832. NVD-2025-56833. OSV-DEBIAN-2025-56834. OSV-2025-56835. SECURITY-TRACKER-CVE-2025-5683

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.