Oddmund Skogen

#14296 of 53,635
18.8 Total CVSS
Vulnerabilities · 2
Critical: 2
PT-2025-40528
9.4
2025-09-01
Qt Company · Qt · CVE-2025-10728
**Name of the Vulnerable Software and Affected Versions**
Qt versions 6.7.0 through 6.9.0

**Description**
A flaw exists that could lead to a denial-of-service (DoS) condition. This occurs when the software renders a Scalable Vector Graphics (SVG) file containing a `<pattern>` element, potentially resulting in recursive rendering and a stack overflow.

**Recommendations**
Restrict SVG files. Monitor for stack overflows.

PT-2025-40529
9.4
2025-09-01
Qt Company · Qt 6.7.0 · CVE-2025-10729
**Name of the Vulnerable Software and Affected Versions**
Qt versions 6.7.0 through 6.9.0, Qt6-svg, qtsvg-opensource-src

**Description**
The issue is a use-after-free condition within the Qt framework, specifically related to the parsing of SVG files. The `renderPattern()` function and the SVG module are affected. The vulnerability occurs when a node is deleted after creation but is subsequently accessed, leading to a use-after-free scenario. This could allow an attacker to execute arbitrary code or cause a denial of service. The vulnerability impacts applications utilizing the Qt SVG module.

**Recommendations**
Update to Qt version 6.9.3. For systems using qt6-svg, apply the available security patch. For systems using qtsvg-opensource-src, apply the available security patch.