CVE-2025-5683: 
Linux Debian vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-5683 was discovered in Qt's QImage component, affecting the handling of ICNS format image files. The vulnerability exists in Qt versions ranging from 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. The issue was disclosed on June 4, 2025, and has been assigned by The Qt Company (CVE MITRE, NVD).

The vulnerability is classified as CWE-770 (Allocation of Resources Without Limits or Throttling). When processing specifically crafted ICNS format image files, QImage triggers a crash due to improper resource allocation. The vulnerability has been assigned a CVSS 4.0 Base Score of 5.1 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L (NVD).

The exploitation of this vulnerability can lead to application crashes when processing maliciously crafted ICNS image files, potentially causing denial of service conditions in affected applications (NVD).

The vulnerability has been addressed in Qt versions 6.5.10, 6.8.5, and 6.9.1. Users are advised to upgrade to these fixed versions to mitigate the vulnerability (Debian Tracker).