Source: qt6-svg Version: 6.10.2-5 Severity: important Tags: security upstream Forwarded: https://codereview.qt-project.org/c/qt/qtsvg/+/724887 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for qt6-svg. CVE-2026-6210[0]: | A type confusion vulnerability in Qt SVG allows an attacker to cause | an application crash via a crafted SVG image. When processing SVG | marker references, the renderer retrieves a node by its id attribute | and casts it to QSvgMarker* without verifying the node type. A non- | marker element (such as a <line> element) that references itself as | a marker triggers an out-of-bounds heap read due to the object size | difference between QSvgLine and QSvgMarker, followed by an endless | recursion that bypasses the marker recursion guard through | incorrect virtual dispatch. The result is an application crash | (denial of service). This issue affects Qt SVG: from 6.7.0 | before 6.8.8, from 6.9.0 before 6.11.1. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-6210 https://www.cve.org/CVERecord?id=CVE-2026-6210 [1] https://codereview.qt-project.org/c/qt/qtsvg/+/724887 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
