Hi, When loading a specifically crafted ICNS format image file then it will trigger a crash.
This has been assigned the CVE id CVE-2025-5683. Affected versions: All versions of Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1. Impact: If QImage is passed a specifically crafted ICNS format image file, then it will trigger a crash. This can happen directly via one of the load functions, or via another class which is using QImage for rendering elsewhere, such as QTextDocument. Vulnerability Score: CVSS v4.0: 5.1 Solution: Apply the following patch for your version or update to 6.5.10, 6.8.5 or 6.9.1. 6.9: https://download.qt.io/official_releases/qt/6.9/CVE-2025-5683-qtimageformats-6.9.patch or https://codereview.qt-project.org/c/qt/qtimageformats/+/646840 6.8: https://download.qt.io/official_releases/qt/6.8/CVE-2025-5683-qtimageformats-6.8.patch or https://codereview.qt-project.org/c/qt/tqtc-qtimageformats/+/646932 6.5: https://download.qt.io/official_releases/qt/6.5/CVE-2025-5683-qtimageformats-6.5.patch or https://codereview.qt-project.org/c/qt/tqtc-qtimageformats/+/646997 Kind regards, Andy -- Andy Shaw, Director, Customer Services - SQS The Qt Company _______________________________________________ Announce mailing list annou...@qt-project.org https://lists.qt-project.org/listinfo/announce -- Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development
