CVE-2024-25580: A recently reported potential buffer overflow issue in Qt's KTX image handling has been assigned the CVE id CVE-2024-25580. An issue was discovered in Qt from 5.12.0 through 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. With a specifically crafted KTX image file it is possible that the application reading it could cause an overflow and subsequently a crash.

Fixed qtbase-6.6.2 is already in-tree (pending stable); qtgui will need: https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff
Created mingw-qt5-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2264425]

Created mingw-qt6-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2264426]

Created qt5-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2264424]

Created qt6-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2264427]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2024:2276 https://access.redhat.com/errata/RHSA-2024:2276