Description
There is a heap-based buffer overflow vulnerability in QTextMarkdownImporter. Triggering the overflow requires an incorrectly formatted Markdown file to be passed to QTextMarkdownImporter. This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.
References (6)
Core References
Various Sources
https://codereview.qt-project.org/c/qt/qtbase/+/635546
Scores
CVSS v4
4.8
EPSS
0.0014
EPSS Percentile
32.9%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/U:Clear
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-122
Status
published
Products (4)
The Qt Company/Qt
< 6.6.0
The Qt Company/Qt
6.6.0 - 6.8.0
The Qt Company/Qt
6.8.0 - 6.8.4
The Qt Company/Qt
6.8.4
Published
Apr 11, 2025
Tracked Since
Feb 18, 2026