Amazon Linux 2 Security Advisory: ALAS2-2025-3101
Advisory Released Date: 2026-01-05
Advisory Updated Date: 2026-01-05
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation.
This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.
This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0. (CVE-2025-12385)
Affected Packages:
qt5-qtdeclarative
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qt5-qtdeclarative or yum update --advisory ALAS2-2025-3101 to update your system.
aarch64:
qt5-qtdeclarative-5.15.3-1.amzn2.0.2.aarch64
qt5-qtdeclarative-devel-5.15.3-1.amzn2.0.2.aarch64
qt5-qtdeclarative-static-5.15.3-1.amzn2.0.2.aarch64
qt5-qtdeclarative-examples-5.15.3-1.amzn2.0.2.aarch64
qt5-qtdeclarative-debuginfo-5.15.3-1.amzn2.0.2.aarch64
i686:
qt5-qtdeclarative-5.15.3-1.amzn2.0.2.i686
qt5-qtdeclarative-devel-5.15.3-1.amzn2.0.2.i686
qt5-qtdeclarative-static-5.15.3-1.amzn2.0.2.i686
qt5-qtdeclarative-examples-5.15.3-1.amzn2.0.2.i686
qt5-qtdeclarative-debuginfo-5.15.3-1.amzn2.0.2.i686
src:
qt5-qtdeclarative-5.15.3-1.amzn2.0.2.src
x86_64:
qt5-qtdeclarative-5.15.3-1.amzn2.0.2.x86_64
qt5-qtdeclarative-devel-5.15.3-1.amzn2.0.2.x86_64
qt5-qtdeclarative-static-5.15.3-1.amzn2.0.2.x86_64
qt5-qtdeclarative-examples-5.15.3-1.amzn2.0.2.x86_64
qt5-qtdeclarative-debuginfo-5.15.3-1.amzn2.0.2.x86_64