Home / mailings [USN-8357-1] Qt Declarative vulnerability
Posted on 01 June 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8357-1
June 01, 2026
qtdeclarative-opensource-src vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Qt Declarative could be made to use excessive resources if it received
specially crafted input.
Software Description:
- qtdeclarative-opensource-src: Qt 5 declarative modules
Details:
It was discovered that Qt Declarative did not properly validate the
width and height attributes of image tags in the Text component of Qt
Quick. An attacker could possibly use this issue to cause Qt Declarative
to use excessive resources, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libqt5quick5 5.15.13+dfsg-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libqt5quick5 5.15.3+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libqt5quick5 5.12.8-0ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8357-1
CVE-2025-12385
--===============0385237816345652330==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
