{"id":"MGASA-2025-0046","summary":"Updated qtbase5 & qtbase6 packages fix security vulnerabilities","details":"network/access/http2/hpacktable.cpp has an incorrect HPack integer\noverflow check. (CVE-2023-51714)\nA buffer overflow and application crash can occur via a crafted KTX\nimage file. (CVE-2024-25580)\nCode to make security-relevant decisions about an established connection\nmay execute too early, because the encrypted() signal has not yet been\nemitted and processed. (CVE-2024-39936)\n","modified":"2026-04-16T00:11:20.925186269Z","published":"2025-02-09T00:19:43Z","upstream":["CVE-2023-51714","CVE-2024-25580","CVE-2024-39936"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0046.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33159"},{"type":"WEB","url":"https://lwn.net/Articles/971686/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVCBTKX6LVBTP6UEJQZ2PENI2KATSRJK/"}],"affected":[{"package":{"name":"qtbase5","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/qtbase5?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.7-6.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0046.json"}},{"package":{"name":"qtbase6","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/qtbase6?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.4.1-5.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0046.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}