The version of qt5-qtbase / qtbase installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5455 advisory. An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a charset parameter that lacked a value (such as data:charset,), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1. (CVE-2025-5455) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. File data…Read More
Azure Linux 3.0 Security Update: qt5-qtbase / qtbase (CVE-2025-5455)
