{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:38:01.926","vulnerabilities":[{"cve":{"id":"CVE-2025-5455","sourceIdentifier":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","published":"2025-06-02T09:15:21.493","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code.\n\nIf the function was called with malformed data, for example, an URL that\ncontained a \"charset\" parameter that lacked a value (such as\n\"data:charset,\"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service\n(abort).\n\nThis impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1."},{"lang":"es","value":"Se encontró un problema en la función privada de la API qDecodeDataUrl() de QtCore, utilizada en QTextDocument y QNetworkReply, y, potencialmente, en el código de usuario. Si la función se llamaba con datos mal formados, por ejemplo, una URL que contenía un parámetro \"charset\" sin valor (como \"data:charset,\"), y Qt se compilaba con aserciones habilitadas, se encontraba con una aserción, lo que resultaba en una denegación de servicio (abortar). Esto afecta a Qt hasta las versiones 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 y 6.9.0. Se ha corregido en las versiones 5.15.19, 6.5.9, 6.8.4 y 6.9.1."}],"metrics":{"cvssMetricV40":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:Clear","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"CLEAR"}}]},"weaknesses":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://codereview.qt-project.org/c/qt/qtbase/+/642006","source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3"}]}}]}