Debian Qt6-Svg vulnerabilities

5 known vulnerabilities affecting debian/qt6-svg.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1, LOW 3

Vulnerabilities

CVE-2025-10729 | CRITICAL | CVSS 9.4 | 2025
CVE-2025-10729 [CRITICAL]: qt6-svg - The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Scope: local
bookworm: open; forky: open; sid: open; trixie: open
debian
CVE-2025-10728 | LOW | CVSS 9.4 | fixed in qt6-svg 6.9.2-3 (forky) | 2025
CVE-2025-10728 [CRITICAL]: qt6-svg - When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS
Scope: local
bookworm: resolved; forky: resolved (fixed in 6.9.2-3); sid: resolved (fixed in 6.9.2-3); trixie: open
debian
CVE-2023-32573 | MEDIUM | CVSS 6.5 | fixed in qt6-svg 6.4.2-2 (bookworm) | 2023
CVE-2023-32573 [MEDIUM]: qt6-svg - In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Scope: local
bookworm: resolved (fixed in 6.4.2-2); forky: resolved (fixed in 6.4.2-2); sid: resolved (fixed in 6.4.2-2); trixie: resolved (fixed in 6.4.2-2)
debian
CVE-2023-45872 | LOW | CVSS 6.5 | 2023
CVE-2023-45872 [MEDIUM]: qt6-svg - An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document.
Scope: local
bookworm: resolved; forky: resolved; sid: resolved; trixie: resol
debian
CVE-2021-28025 | LOW | CVSS 5.5 | fixed in qtsvg-opensource-src 5.15.4-2 (bookworm) | 2021
CVE-2021-28025 [MEDIUM]: qt6-svg - Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
Scope: local
bookworm: resolved; forky: resolved; sid: resolved; trixie: resolved
debian