SUSE CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

DEBIAN-CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

UBUNTU-CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVE-2025-14576

CVE-2025-14576 affects Qt’s SVG module (VectorImage in Qt Quick). The root cause is insufficient validation of node IDs, enabling arbitrary QML/JavaScript code injection when loading malicious SVG files. The NVD entry notes local attack vector with no privileges required and passive user interact...

EUVD-2025-209594

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

OESA-2026-1647 qt5-qtsvg security update

The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: The module will parse a pattern node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading...

qt6-qtsvg security update

An update is available for qt6-qtsvg. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Scalable Vector Graphics SVG is an XML-based language for describing...

RHEL 10 : qt6-qtsvg (RHSA-2025:22393)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22393 advisory. Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and...

ALSA-2025:22394 Moderate: qt6-qtsvg security update

Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Uncontrolled recursion in Qt SVG module CVE-2025-10728 For more details...

Malicious Package

Overview react-svg-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in react-svg-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9b392459196e5602d6e40cd38445d10e87e49d85b53b966aee554dd758fc1bd The package react-svg-module was found to contain malicious code. Source: ghsa-malware dd046bd4ddd4da53330303e0802201fda828bce7e1a21524aa7fc0da1fed95...

EUVD-2025-198131

Malicious code in react-svg-module npm...

MAL-2025-190572 Malicious code in react-svg-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9b392459196e5602d6e40cd38445d10e87e49d85b53b966aee554dd758fc1bd The package react-svg-module was found to contain malicious code. Source: ghsa-malware dd046bd4ddd4da53330303e0802201fda828bce7e1a21524aa7fc0da1fed95...

Uncontrolled recursion in Qt SVG module

...

CVE-2025-10728 Uncontrolled recursion in Qt SVG module

When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...

Security advisory: Uncontrolled Recursion and Use-After-Free vulnerabilities in Qt SVG module impact Qt

Two vulnerabilities in Qt SVG module have been discovered. Uncontrolled recursion vulnerability has been assigned the CVE id CVE-2025-10728. Whereas Use-After-Free vulnerability has been assigned the CVE id CVE-2025-10729. Uncontrolled recursion vulnerability in Qt SVG CVE-2025-10728 Affected...

OESA-2022-1493 qt5-qtsvg security update

The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOpsQPainterPath::Element::growAppend called...

DEBIAN-CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...