rpm package
opensuse/qt6-svg&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qt6-svg&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6210 | Hig | — | < 6.11.0-2.1 | 6.11.0-2.1 | May 6, 2026 | A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker | |
| CVE-2025-10729 | Cri | — | < 6.10.0-1.1 | 6.10.0-1.1 | Oct 3, 2025 | The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free. | |
| CVE-2025-10728 | Cri | — | < 6.10.0-1.1 | 6.10.0-1.1 | Oct 3, 2025 | When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS |
- affected < 6.11.0-2.1fixed 6.11.0-2.1
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker
- affected < 6.10.0-1.1fixed 6.10.0-1.1
The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
- affected < 6.10.0-1.1fixed 6.10.0-1.1
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS