| Name | CVE-2025-10728 |
|---|---|
| Description | When the module renders an SVG file that contains a `<pattern>` element, it might end up rendering it recursively, leading to a stack overflow DoS |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| qt6-svg (PTS) | bookworm | 6.4.2-2 | fixed |
| | trixie | 6.8.2-3 | vulnerable |
| | forky, sid | 6.9.2-2 | vulnerable |
| qtsvg-opensource-src (PTS) | bullseye | 5.15.2-3 | fixed |
| | bookworm | 5.15.8-3 | fixed |
| | trixie | 5.15.15-2 | fixed |
| | forky, sid | 5.15.17-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qt6-svg | source | bookworm | (not affected) | | | |
| qt6-svg | source | (unstable) | (unfixed) | | | |
| qtsvg-opensource-src | source | (unstable) | (not affected) | | | |
Notes
[bookworm] - qt6-svg `<not-affected>` (Vulnerable code introduced later)
- qtsvg-opensource-src `<not-affected>` (Vulnerable code introduced later)
https://bugreports.qt.io/browse/QTBUG-137553
Introduced by: https://codereview.qt-project.org/c/qt/qtsvg/+/616712
Introduced by: https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=0332df304f013ded362537c1f61556098b875352
Fixed by: https://codereview.qt-project.org/c/qt/qtsvg/+/654200
Fixed by: https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=9e5bed9584ab65d56cd5fbac0471e06e37a54412 (dev)
Fixed by: https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=ea44b50c6e61104cadd6b7c8ede92a4108634232 (v6.9.3)