PT-2023-29737 · Qt Company · Qt

Ybuenos · Published 2023-11-15 · Updated 2024-11-12 · CVE-2023-45872

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Qt versions prior to 6.2.11
Qt versions 6.3.x through 6.6.x before 6.6.1

Description

An issue was discovered in Qt when a QML image refers to an image whose content is not known yet, leading to an assumption that it is an SVG document. If the image is not actually an SVG document, this results in a denial of service (application crash). The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations

For Qt versions prior to 6.2.11, update to version 6.2.11 or later to resolve the issue. For Qt versions 6.3.x through 6.6.x before 6.6.1, update to version 6.6.1 or later to resolve the issue. As a temporary workaround, consider disabling the QML image functionality until a patch is available. Restrict access to QML images to minimize the risk of exploitation. Avoid using unknown image sources in QML images until the issue is resolved.
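The affected ranges above can be checked against a software inventory. The following is an added example, not part of the original advisory or of Qt: the function names and the sample inventory are constructed for illustration, and it assumes version strings of the form major.minor[.patch] with any suffix ignored.

```python
import re

# Fixed releases, taken from the affected-version ranges in this advisory.
FIXED_6_2 = (6, 2, 11)        # "Qt versions prior to 6.2.11"
RANGE_START = (6, 3, 0)       # "6.3.x through 6.6.x ..."
FIXED_6_6 = (6, 6, 1)         # "... before 6.6.1"

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_qt_version(text):
    """Return (major, minor, patch) for strings such as '6.5.3' or '6.2.4-lts'.

    A missing patch component counts as 0 and suffixes are ignored (assumption).
    Raises ValueError otherwise, so an unparseable entry is never reported as fixed.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Qt version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(text):
    """True if the version falls in either range listed for CVE-2023-45872."""
    version = parse_qt_version(text)
    return version < FIXED_6_2 or RANGE_START <= version < FIXED_6_6


def audit(inventory):
    """Map each inventory entry to 'affected', 'fixed' or 'unknown'."""
    report = {}
    for name, text in inventory.items():
        try:
            report[name] = "affected" if is_affected(text) else "fixed"
        except ValueError:
            report[name] = "unknown"   # needs manual review
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "kiosk-01": "6.2.10",
    "kiosk-02": "6.2.11",
    "hmi-panel": "6.5.3",
    "desktop-app": "6.6.1",
    "legacy-box": "not installed",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

A version number alone does not show whether a vendor or distribution has backported the fix, so entries reported as affected still need to be confirmed against the package changelog.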

Fix

Related Identifiers

CVE-2023-45872

Affected Products

Qt