
Bug#1121443: skanpage: CVE-2025-55174



Source: skanpage
Version: 25.04.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for skanpage.

CVE-2025-55174[0]:
| In KDE Skanpage before 25.08.0, an attempt at file overwrite can
| result in the contents of the new file at the beginning followed by
| the partial contents of the old file at the end, because of use of
| QIODevice::ReadWrite instead of QIODevice::WriteOnly.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55174
    https://www.cve.org/CVERecord?id=CVE-2025-55174
[1] https://kde.org/info/security/advisory-20250811-1.txt
[2] https://commits.kde.org/skanpage/19308900da27b46739f2360426b91479e7179a2f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
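
The failure mode in the CVE description, as an added example that is not part of the original message and is not Skanpage code: a shorter document saved over a longer one leaves the old tail on disk unless the file is truncated on open. It assumes POSIX open() flags as stand-ins for the Qt open modes (in Qt, WriteOnly on a file implies truncation, ReadWrite does not); the file name and document strings are constructed.

```c
/* Added illustration, not Skanpage code. POSIX open() flags stand in for the
 * Qt modes: O_RDWR does not truncate; O_WRONLY|O_TRUNC does. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write data to path using the given open() flags; 0 on success. */
static int write_with_flags(const char *path, const char *data, int flags)
{
    int fd = open(path, flags | O_CREAT, 0600);
    if (fd < 0) return -1;
    size_t len = strlen(data);
    ssize_t n = write(fd, data, len);
    return (close(fd) == 0 && n == (ssize_t)len) ? 0 : -1;
}

/* Save old_doc, overwrite it with new_doc using `flags`, and copy the
 * resulting file contents into out. Returns the final length or -1. */
static long overwrite_demo(const char *path, const char *old_doc,
                           const char *new_doc, int flags,
                           char *out, size_t cap)
{
    unlink(path);
    if (write_with_flags(path, old_doc, O_WRONLY | O_TRUNC) != 0 ||
        write_with_flags(path, new_doc, flags) != 0)
        return -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, out, cap - 1);
    close(fd);
    unlink(path);
    if (n < 0) return -1;
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    const char *path = "skan_overwrite_demo.tmp";   /* constructed scratch file */
    const char *old_doc = "OLD-SCAN: confidential page text"; /* constructed */
    const char *new_doc = "NEW-SCAN";                          /* constructed */
    char out[128];
    long n = overwrite_demo(path, old_doc, new_doc, O_RDWR, out, sizeof out);
    printf("no truncate: %ld bytes: %s\n", n, out);
    n = overwrite_demo(path, old_doc, new_doc, O_WRONLY | O_TRUNC, out, sizeof out);
    printf("truncate:    %ld bytes: %s\n", n, out);
    return 0;
}
```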

