4 matches found
CVE-2025-14576
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
CVE-2025-14576
CVE-2025-14576 affects Qt’s SVG module (VectorImage in Qt Quick). The root cause is insufficient validation of node IDs, enabling arbitrary QML/JavaScript code injection when loading malicious SVG files. The NVD entry notes local attack vector with no privileges required and passive user interact...
CVE-2025-14576 Possible QML code injection in VectorImage component
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
PT-2026-36093
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...