SB20251022167 - Fedora 42 update for LabPlot, dtk6core, dtk6gui, dtk6log, dtk6widget, fcitx5-qt, gammaray, kddockwidgets, mingw-qt6-qt3d, mingw-qt6-qt5compat, mingw-qt6-qtactiveqt, mingw-qt6-qtbase, mingw-qt6-qtcharts, mingw-qt6-qtdeclarative, mingw-qt6-qtimageformats, m
Published: October 22, 2025
Security Bulletin ID
SB20251022167
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-10729)
The vulnerability allows a remote attacker to potentially execute arbitrary code.
The vulnerability exists due to a use-after-free error when parsing .SVG images with "<pattern>" element. A remote attacker can pass a specially crafted .SVG file to the application and perform a denial of service attack or potentially execute arbitrary code.
Remediation
Install update from vendor's website.