[Development] [Announce] Security advisory: Uncontrolled Recursion and Use-After-Free vulnerabilities in Qt SVG module impact Qt
Jan Grulich
jgrulich at redhat.com
Wed Oct 8 09:18:22 CEST 2025
Hi,
Do these two CVEs also affect Qt5? Looking at the fixes and the code in Qt5
I would say they are easily backportable, but the code there is not 1:1.
Can someone please confirm Qt5 is also affected?
Thank you.
Regards,
Jan Grulich
pá 3. 10. 2025 v 16:48 odesílatel List for announcements regarding Qt
releases and development via Announce via Development <
development at qt-project.org> napsal:
>
>
> Two vulnerabilities in Qt SVG module have been discovered. Uncontrolled
> recursion vulnerability has been assigned the CVE id CVE-2025-10728.
> Whereas Use-After-Free vulnerability has been assigned the CVE id
> CVE-2025-10729.
>
>
>
>
> *Uncontrolled recursion vulnerability in Qt SVG - CVE-2025-10728*
>
> *Affected versions:* From Qt 6.7.0 to 6.8.4 and from 6.9.0 to 6.9.2.
>
>
>
> *Impact:* When the module renders a Svg file that contains a <pattern>
> element, it might end up rendering it recursively leading to stack overflow
> DoS.
>
>
>
> *CVSS 4.0 Score:* 9.4
>
>
> *Mitigation:* Ensure that all input to the Qt SVG module is only from
> trusted sources.
>
>
>
> *Solution: *Apply the following patch or update to Qt 6.9.3 or 6.8.5
>
> *Patches:*
>
> dev: https://codereview.qt-project.org/c/qt/qtsvg/+/654200
> Qt 6.9: https://codereview.qt-project.org/c/qt/qtsvg/+/670894 or
> https://download.qt.io/official_releases/qt/6.9/CVE-2025-10728-qtsvg-6.9.diff
> Qt 6.8: https://codereview.qt-project.org/c/qt/tqtc-qtsvg/+/671537 or
> https://download.qt.io/official_releases/qt/6.8/CVE-2025-10728-qtsvg-6.8.diff
>
>
> *Use-After-Free vulnerability in Qt SVG - CVE-2025-10729*
>
> *Affected versions:* From Qt 6.7.0 to 6.8.4 and from 6.9.0 to 6.9.2.
>
>
>
> *Impact: *When the module parses a <pattern> node which is not a child of
> a structural node, the node gets deleted after creation but might be
> accessed later leading to a use after free.
>
>
>
> *CVSS 4.0 Score:* 9.4
>
>
>
> *Mitigation:* Ensure that all input to the Qt SVG module is only from
> trusted sources.
>
>
>
> *Solution: *Apply the following patch or the patch attached or update to
> Qt 6.9.3 or 6.8.5
>
> *Patches:*
>
> dev: https://codereview.qt-project.org/c/qt/qtsvg/+/675562
> Qt 6.9: https://codereview.qt-project.org/c/qt/qtsvg/+/676501 or
> https://download.qt.io/official_releases/qt/6.9/CVE-2025-10729-qtsvg-6.9.diff
> Qt 6.8: https://codereview.qt-project.org/c/qt/tqtc-qtsvg/+/676621 or
> https://download.qt.io/official_releases/qt/6.8/CVE-2025-10729-qtsvg-6.8.diff
>
> ______________________
>
> *Tuukka Kettunen*
>
> *Senior Manager, Technical Support, Customer Engineering*
>
>
>
>
>
>
>
>
>
>
>
>
>
> Confidential
> _______________________________________________
> Announce mailing list
> Announce at qt-project.org
> https://lists.qt-project.org/listinfo/announce
> --
> Development mailing list
> Development at qt-project.org
> https://lists.qt-project.org/listinfo/development
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20251008/82ac6634/attachment.htm>
More information about the Development
mailing list