SUSE CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

Security advisory: Uncontrolled Recursion and Use-After-Free vulnerabilities in Qt SVG module impact Qt

Two vulnerabilities in Qt SVG module have been discovered. Uncontrolled recursion vulnerability has been assigned the CVE id CVE-2025-10728. Whereas Use-After-Free vulnerability has been assigned the CVE id CVE-2025-10729. Uncontrolled recursion vulnerability in Qt SVG CVE-2025-10728 Affected...

OESA-2022-1493 qt5-qtsvg security update

The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOpsQPainterPath::Element::growAppend called...