{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"qt5-qtdeclarative security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for qt5-qtdeclarative is now available for openEuler-22.03-LTS-SP4",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Security Fix(es):\n\nAllocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\nThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.\n\nThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0. (CVE-2025-12385)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for qt5-qtdeclarative is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"qt5-qtdeclarative",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2025-2870",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2870"
			},
			{
				"summary":"CVE-2025-12385",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-12385&packageName=qt5-qtdeclarative"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12385"
			},
			{
				"summary":"openEuler-SA-2025-2870 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openEuler-SA-2025-2870.json"
			}
		],
		"title":"An update for qt5-qtdeclarative is now available for openEuler-22.03-LTS-SP4",
		"tracking":{
			"initial_release_date":"2025-12-31T10:23:05+08:00",
			"revision_history":[
				{
					"date":"2025-12-31T10:23:05+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2025-12-31T10:23:05+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2025-12-31T10:23:05+08:00",
			"id":"openEuler-SA-2025-2870",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"openEuler-22.03-LTS-SP4",
									"name":"openEuler-22.03-LTS-SP4"
								},
								"name":"openEuler-22.03-LTS-SP4",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64.rpm",
									"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64.rpm"
								},
								"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64.rpm",
									"name":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64.rpm"
								},
								"name":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64.rpm",
									"name":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64.rpm"
								},
								"name":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64.rpm",
									"name":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64.rpm"
								},
								"name":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.src.rpm",
									"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.src.rpm"
								},
								"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64.rpm",
									"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64.rpm"
								},
								"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64.rpm",
									"name":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64.rpm"
								},
								"name":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64.rpm",
									"name":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64.rpm"
								},
								"name":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
									},
									"product_id":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64.rpm",
									"name":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64.rpm"
								},
								"name":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64",
					"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64",
					"name":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64",
					"name":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64",
					"name":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.src",
					"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64",
					"name":"qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64",
					"name":"qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64",
					"name":"qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
				"product_reference":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64",
					"name":"qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2025-12385",
			
			"notes":[
				{
					"text":"Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.\nThis issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.\n\nThis issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.src",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64",
					"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.src",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64"
					],
					"details":"qt5-qtdeclarative security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2870"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.0,
						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.aarch64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.src",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-5.15.2-2.oe2203sp4.x86_64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debuginfo-5.15.2-2.oe2203sp4.x86_64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-debugsource-5.15.2-2.oe2203sp4.x86_64",
						"openEuler-22.03-LTS-SP4:qt5-qtdeclarative-devel-5.15.2-2.oe2203sp4.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2025-12385"
		}
	]
}