VDB

GCVE-110-MAGEIA-2025-212

GCVE-110-MAGEIA-2025-212
Advisory Published
Vulnetix · Advisory published July 22, 2025
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0.

Affected Products

VendorProductVersionsPlatforms
Mageiaqtbase55.15.7-6.2.mga9 (unaffected), 0 (affected)
Mageiaqtbase60 (affected), 6.4.1-5.2.mga9 (unaffected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›