Описание
The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
A use after free flaw has been discovered in the Qt SVG library. The qsvghandler.cpp module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Отчет
Red Hat products incorporate the Qt SVG library for rendering SVGs to users and as such a user must interact with a malicious SVG file to trigger this vulnerability.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | qt5-qtsvg | Out of support scope | ||
| Red Hat Enterprise Linux 8 | qt5-qtsvg | Not affected | ||
| Red Hat Enterprise Linux 9 | qt5-qtsvg | Not affected | ||
| Red Hat Enterprise Linux 10 | qt6-qtsvg | Fixed | RHSA-2025:19772 | 05.11.2025 |
| Red Hat Enterprise Linux 10 | qt6-qtsvg | Fixed | RHSA-2025:21037 | 11.11.2025 |
Показывать по
Дополнительная информация
Статус:
8.6 High
CVSS3
Связанные уязвимости
The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG
The module will parse a <pattern> node which is not a child of a struc ...
8.6 High
CVSS3