Two vulnerabilities have been discovered in the Qt SVG module. The 
uncontrolled recursion vulnerability has been assigned the CVE ID 
CVE-2025-10728, and the use-after-free vulnerability has been assigned the 
CVE ID CVE-2025-10729.


Uncontrolled recursion vulnerability in Qt SVG - CVE-2025-10728

Affected versions: From Qt 6.7.0 to 6.8.4 and from 6.9.0 to 6.9.2.

Impact: When the module renders an SVG file that contains a <pattern> element, 
it might end up rendering it recursively, leading to a stack overflow DoS.

CVSS 4.0 Score: 9.4

Mitigation: Ensure that all input to the Qt SVG module is only from trusted 
sources.

Solution: Apply the following patch or update to Qt 6.9.3 or 6.8.5
Patches:
dev: https://codereview.qt-project.org/c/qt/qtsvg/+/654200
Qt 6.9: https://codereview.qt-project.org/c/qt/qtsvg/+/670894 or 
https://download.qt.io/official_releases/qt/6.9/CVE-2025-10728-qtsvg-6.9.diff
Qt 6.8: https://codereview.qt-project.org/c/qt/tqtc-qtsvg/+/671537 or 
https://download.qt.io/official_releases/qt/6.8/CVE-2025-10728-qtsvg-6.8.diff


Use-After-Free vulnerability in Qt SVG - CVE-2025-10729

Affected versions: From Qt 6.7.0 to 6.8.4 and from 6.9.0 to 6.9.2.

Impact: When the module parses a <pattern> node which is not a child of a 
structural node, the node gets deleted after creation but might be accessed 
later leading to a use after free.

CVSS 4.0 Score: 9.4

Mitigation: Ensure that all input to the Qt SVG module is only from trusted 
sources.

Solution: Apply the following patch or the patch attached or update to Qt 6.9.3 
or 6.8.5
Patches:
dev: https://codereview.qt-project.org/c/qt/qtsvg/+/675562
Qt 6.9: https://codereview.qt-project.org/c/qt/qtsvg/+/676501 or 
https://download.qt.io/official_releases/qt/6.9/CVE-2025-10729-qtsvg-6.9.diff
Qt 6.8: https://codereview.qt-project.org/c/qt/tqtc-qtsvg/+/676621 or 
https://download.qt.io/official_releases/qt/6.8/CVE-2025-10729-qtsvg-6.8.diff
______________________
Tuukka Kettunen
Senior Manager, Technical Support, Customer Engineering
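
The mitigation in both advisories, as an added example (not part of the original announcement and not Qt code): a Python pre-screen that an ingestion service could run before passing untrusted SVG to a Qt SVG build in the affected ranges. All function names and the sample documents are constructed for illustration, and because it uses a different XML parser from Qt's it is a stopgap until the patches are applied, not a replacement for them.

```python
import re
from xml.parsers import expat

# Affected ranges as stated in the advisory (inclusive bounds).
AFFECTED = [((6, 7, 0), (6, 8, 4)), ((6, 9, 0), (6, 9, 2))]

# Constructed sample documents, not taken from any real report.
SAMPLE_PLAIN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
SAMPLE_PATTERN = (b'<svg xmlns="http://www.w3.org/2000/svg"><defs>'
                  b'<pattern id="p" width="4" height="4"/></defs></svg>')


class _Hit(Exception):
    """Raised inside parser callbacks to stop at the first finding."""


def qt_is_affected(version: str) -> bool:
    """True if a Qt version string such as '6.8.4' is in an affected range."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))
    return any(lo <= parts <= hi for lo, hi in AFFECTED)


def svg_has_pattern(data: bytes) -> bool:
    """True if the document has a <pattern> element under any prefix.

    Fails closed: a DOCTYPE (which could hide markup in entities) or
    malformed XML is treated as a hit, so some legitimate files are refused.
    """
    def on_start(name, attrs):
        if name.rsplit(":", 1)[-1].lower() == "pattern":
            raise _Hit

    def on_doctype(*args):
        raise _Hit

    parser = expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except (_Hit, expat.ExpatError):
        return True
    return False


def accept_untrusted_svg(data: bytes, qt_version: str) -> bool:
    """Gate for untrusted input: refuse <pattern> documents on affected Qt."""
    return not (qt_is_affected(qt_version) and svg_has_pattern(data))
```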







