PT-2025-40528 · Qt Company+1 · Qt+1
Oddmund Skogen
+1
·
Published
2025-09-01
·
Updated
2025-12-01
·
CVE-2025-10728
CVSS v4.0
9.4
Critical
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:H/U:Red |
Name of the Vulnerable Software and Affected Versions
Qt versions 6.7.0 through 6.9.0
Description
A flaw exists that could lead to a denial-of-service (DoS) condition. This occurs when the software renders a Scalable Vector Graphics (SVG) file containing a
<pattern> element, potentially resulting in recursive rendering and a stack overflow.Recommendations
Restrict SVG files.
Monitor for stack overflows.
Fix
DoS
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Qt