Qtsvg
by Qt
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10729 | Cri | 0.61 | — | 0.00 | Oct 3, 2025 | The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free. | ||
| CVE-2025-10728 | Cri | 0.61 | — | 0.00 | Oct 3, 2025 | When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS | ||
| CVE-2021-28025 | 0.00 | — | 0.00 | Aug 11, 2023 | Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). | |||
| CVE-2023-32573 | 0.00 | — | 0.01 | May 10, 2023 | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | |||
| CVE-2021-45930 | 0.00 | — | 0.01 | Dec 31, 2021 | Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). |
- risk 0.61cvss —epss 0.00
The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
- risk 0.61cvss —epss 0.00
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS
- CVE-2021-28025Aug 11, 2023risk 0.00cvss —epss 0.00
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
- CVE-2023-32573May 10, 2023risk 0.00cvss —epss 0.01
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
- CVE-2021-45930Dec 31, 2021risk 0.00cvss —epss 0.01
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).