PT-2026-37624 · Qt Company · Qt Svg

Tqtc · Published 2026-05-06 · Updated 2026-05-10 · CVE-2026-6210

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Qt SVG versions 6.7.0 through 6.8.7
Qt SVG versions 6.9.0 through 6.11.0

Description

A type confusion issue in Qt SVG allows an attacker to cause an application crash through a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. If a non-marker element, such as a <line> element, references itself as a marker, it triggers an out-of-bounds heap read due to the size difference between QSvgLine and QSvgMarker. This is followed by endless recursion that bypasses the marker recursion guard via incorrect virtual dispatch, resulting in a denial of service.

Recommendations

Update Qt SVG versions 6.7.0 through 6.8.7 to version 6.8.8.
Update Qt SVG versions 6.9.0 through 6.11.0 to version 6.11.1.
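
The type check that the description says was missing before the cast, shown as an added C++ example that is not Qt SVG's own code. `Node`, `Line`, `Marker`, `Document`, `resolveMarker` and `sampleDocument` are hypothetical stand-ins assumed for illustration.

```cpp
// Added illustration: simplified stand-in types, not Qt SVG's own classes.
#include <map>
#include <memory>
#include <string>
#include <utility>

struct Node {
    enum class Type { Line, Marker };
    virtual ~Node() = default;
    virtual Type type() const = 0;
};

struct Line : Node {
    std::string markerRef;          // id named by a marker reference
    Type type() const override { return Type::Line; }
};

struct Marker : Node {
    double refX = 0, refY = 0, width = 3, height = 3;  // fields a Line lacks
    Type type() const override { return Type::Marker; }
};

struct Document {
    std::map<std::string, std::unique_ptr<Node>> byId;
    Node *find(const std::string &id) const {
        auto it = byId.find(id);
        return it == byId.end() ? nullptr : it->second.get();
    }
};

// Checked lookup: ids are shared by every element kind, so the node's
// dynamic type must be verified before it is treated as a Marker.
// An unchecked static_cast<Marker *>(doc.find(id)) on a Line would read
// Marker fields past the end of the smaller Line object.
Marker *resolveMarker(const Document &doc, const std::string &id) {
    Node *n = doc.find(id);
    if (!n || n->type() != Node::Type::Marker)
        return nullptr;             // missing or wrong kind: draw no marker
    return static_cast<Marker *>(n);
}

// Constructed sample: one line whose marker reference names itself, one marker.
Document sampleDocument() {
    Document doc;
    auto line = std::make_unique<Line>();
    line->markerRef = "l1";
    doc.byId["l1"] = std::move(line);
    doc.byId["m1"] = std::make_unique<Marker>();
    return doc;
}
```

Because a wrong-kind reference resolves to `nullptr`, the marker drawing path is never entered for it, so neither the oversized read nor the self-referential recursion can start from that reference.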

Fix

DoS

Heap Based Buffer Overflow

Type Confusion

Weakness Enumeration

Related Identifiers

CVE-2026-6210
OPENSUSE-SU-2026:10742-1

Affected Products

Qt Svg