{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-25580", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-29T19:58:39.604Z", "dateReserved": "2024-02-08T00:00:00", "datePublished": "2024-03-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-27T01:54:47.373388"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.782Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T18:41:43.696201Z", "id": "CVE-2024-25580", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T19:58:39.604Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.782Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-02T18:41:43.696201Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T18:55:13.686Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-27T01:54:47.373388"}}}, "cveMetadata": {"cveId": "CVE-2024-25580", "state": "PUBLISHED", "dateUpdated": "2024-10-29T19:58:39.604Z", "dateReserved": "2024-02-08T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-27T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en gui/util/qktxhandler.cpp en Qt antes de 5.15.17, 6.x antes de 6.2.12, 6.3.x hasta 6.5.x antes de 6.5.5 y 6.6.x antes de 6.6.2. Se puede producir un desbordamiento del b\u00fafer y un bloqueo de la aplicaci\u00f3n a trav\u00e9s de un archivo de imagen KTX manipulado."}], "id": "CVE-2024-25580", "lastModified": "2024-11-21T09:01:01.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-27T03:15:12.007", "references": [{"source": "cve@mitre.org", "url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3056", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "qt5-qtbase-0:5.15.3-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2276", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "qt5-qtbase-0:5.15.9-9.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "qtbase: potential buffer overflow when reading KTX images", "id": "2264423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264423"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-121", "details": ["An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.", "A vulnerability has been discovered in Qt Base, wherein an attacker can exploit a specially crafted KTX image file to induce a buffer overflow within the application parsing it. This overflow can subsequently result in a denial-of-service condition, rendering the affected application inaccessible or non-responsive."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-25580", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "qt5-qtbase", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-25580\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-25580"], "statement": "The CVE-2024-25580 vulnerability in Qt's KTX image handling module is classified as having a moderate severity rather than being deemed important due to several factors. While the vulnerability does pose a risk of buffer overflow and potential application crashes, its impact is somewhat mitigated by the fact that exploitation requires a specifically crafted KTX image file. This implies that successful exploitation depends on the attacker's ability to provide such a file to the target application. Moreover, the vulnerability does not inherently lead to remote code execution or compromise of sensitive data; it primarily results in a denial-of-service condition through application crashes.", "threat_severity": "Moderate", "upstream_fix": "qtbase 6.6.2"}