Debian Qtsvg-Opensource-Src vulnerabilities
7 known vulnerabilities affecting debian/qtsvg-opensource-src.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2, LOW 3
Vulnerabilities
CVE-2025-10729 | CRITICAL | CVSS 9.4 | 2025
CVE-2025-10729 [CRITICAL] qt6-svg - The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later, leading to a use-after-free.
Scope: local
bookworm: open
forky: open
sid: open
trixie: open
CVE-2025-10728 | LOW | CVSS 9.4 | fixed in qt6-svg 6.9.2-3 (forky) | 2025
CVE-2025-10728 [CRITICAL] qt6-svg - When the module renders an SVG file that contains a <pattern> element, it might end up rendering it recursively, leading to a stack overflow DoS.
Scope: local
bookworm: resolved
forky: resolved (fixed in 6.9.2-3)
sid: resolved (fixed in 6.9.2-3)
trixie: open
CVE-2023-32573 | MEDIUM | CVSS 6.5 | fixed in qt6-svg 6.4.2-2 (bookworm) | 2023
CVE-2023-32573 [MEDIUM] qt6-svg - In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Scope: local
bookworm: resolved (fixed in 6.4.2-2)
forky: resolved (fixed in 6.4.2-2)
sid: resolved (fixed in 6.4.2-2)
trixie: resolved (fixed in 6.4.2-2)
CVE-2021-3481 | HIGH | CVSS 7.1 | fixed in qtsvg-opensource-src 5.15.2-3 (bookworm) | 2021
CVE-2021-3481 [HIGH] qtsvg-opensource-src - A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the
CVE-2021-45930 | MEDIUM | CVSS 5.5 | fixed in qtsvg-opensource-src 5.15.2-4 (bookworm) | 2021
CVE-2021-45930 [MEDIUM] qtsvg-opensource-src - Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Scope: local
bookworm: resolved (fixed in 5.15.2-4)
bullseye: open
forky: resolved (fixed in 5.15.2-4)
sid: resolved (fixed in 5.15.2-4)
trixie: resolved (fixed
CVE-2021-28025 | LOW | CVSS 5.5 | fixed in qtsvg-opensource-src 5.15.4-2 (bookworm) | 2021
CVE-2021-28025 [MEDIUM] qt6-svg - Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
Scope: local
bookworm: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2018-19869 | LOW | CVSS 6.5 | fixed in qtsvg-opensource-src 5.11.3-2 (bookworm) | 2018
CVE-2018-19869 [MEDIUM] qtsvg-opensource-src - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
Scope: local
bookworm: resolved (fixed in 5.11.3-2)
bullseye: resolved (fixed in 5.11.3-2)
forky: resolved (fixed in 5.11.3-2)
sid: resolved (fixed in 5.11.3-2)
trixie: resolved (fixed in 5.11.3-2)