Overview

File CVE-2025-5455.patch of Package libqt5-qtbase

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code.

This has been assigned the CVE id CVE-2025-5455.

https://www.qt.io/blog/security-advisory-recently-discovered-issue-in-qdecodedataurl-in-qtcore-impacts-qt
--
diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
index f14d399301f..83e59e3ac00 100644
--- a/src/corelib/io/qdataurl.cpp
+++ b/src/corelib/io/qdataurl.cpp
@@ -76,10 +76,11 @@ Q_CORE_EXPORT bool qDecodeDataUrl(const QUrl &uri, QString &mimeType, QByteArray
         }
 
         if (data.toLower().startsWith("charset")) {
-            int i = 7;      // strlen("charset")
-            while (data.at(i) == ' ')
-                ++i;
-            if (data.at(i) == '=')
+            int prefixSize = 7; // strlen("charset")
+            QLatin1String copy(data.constData() + prefixSize, data.size() - prefixSize);
+            while (copy.startsWith(QLatin1String(" ")))
+                copy = copy.mid(1);
+            if (copy.startsWith(QLatin1String("=")))
                 data.prepend("text/plain;");
         }
openSUSE Build Service is sponsored by
Places