CVE-2025-10729

Опубликовано: 03 окт. 2025

Источник: debian

EPSS Низкий

Описание

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

Пакеты

Пакет	Статус	Релиз	Тип
qt6-svg	unfixed		package
qt6-svg	no-dsa	trixie	package
qt6-svg	no-dsa	bookworm	package
qtsvg-opensource-src	unfixed		package
qtsvg-opensource-src	no-dsa	trixie	package
qtsvg-opensource-src	no-dsa	bookworm	package
qtsvg-opensource-src	no-dsa	bullseye	package

Примечания

Fixed by: https://codereview.qt-project.org/c/qt/qtsvg/+/676473
Fixed by: https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=7e8898903265d931df0aa54b3913f2c49d4d7bf2 (dev)
Fixed by: https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=6a6273126770006232e805cf1631f93d4919b788 (v6.9.3)
The (isolated, initial) fix for CVE-2025-10729 introduces a regression:
https://bugs.debian.org/1117896 and thus has been reverted in 6.9.2-4

EPSS

Процентиль: 3%

0.0002

Низкий

Связанные уязвимости

CVE-2025-10729

ubuntu

около 2 месяцев назад

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

CVE-2025-10729

nvd

около 2 месяцев назад

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

CVE-2025-10729

CVSS3: 9.3

msrc

около 1 месяца назад

Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG

GHSA-cprv-rgr4-v7vh

github

около 2 месяцев назад

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

ELSA-2025-19772

oracle-oval

15 дней назад

ELSA-2025-19772: qt6-qtsvg security update (IMPORTANT)

EPSS

Процентиль: 3%

0.0002

Низкий