CVE-2025-10728 — Uncontrolled Recursion in Qt6-svg

CWE-674 — Uncontrolled Recursion7 documents7 sources

Severity

9.4CRITICALNVD

EPSS

0.0%

top 99.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Qt6-svg Debian Qtsvg-opensource-src THE QT Company QT +2 more

Timeline

PublishedOct 3

Latest updateOct 14

Description

When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P

Affected Packages5 packages

▶debiandebian/qt6-svg< qt6-svg 6.9.2-3 (forky)

▶debiandebian/qtsvg-opensource-src< qt6-svg 6.9.2-3 (forky)

▶CVEListV5the_qt_company/qt6.7.0 — 6.8.4+1

▶msrcmsrc/azl3_qtsvg_6.6.1-2_on_azure_linux_3.0

▶msrcmsrc/cbl2_qt5-qtsvg_5.12.11-6_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-x6f6-j278-6544: When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS↗2025-10-03

▶

OSV

CVE-2025-10728: When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS↗2025-10-03

▶

📋Vendor Advisories

Microsoft

Uncontrolled recursion in Qt SVG module↗2025-10-14

▶

Red Hat

qtsvg: Uncontrolled recursion in Qt SVG module↗2025-10-03

▶

Debian

CVE-2025-10728: qt6-svg - When the module renders a Svg file that contains a <pattern> element, it might e...↗2025

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws↗2025-10-14

▶