SB2025112756 - Gentoo update for qtsvg

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025112756

SB2025112756 - Gentoo update for qtsvg

Published: November 27, 2025

Security Bulletin ID SB2025112756
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2023-45872)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling SVG documents. A remote attacker can pass specially crafted image to the application and perform a denial of service (DoS) attack.


2) Uncontrolled recursion (CVE-ID: CVE-2025-10728)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when parsing .SVG images with "" element. A remote attacker can supply a specially crafted .SVG file to the application and perform a denial of service (DoS) attack. 


3) Use-after-free (CVE-ID: CVE-2025-10729)

The vulnerability allows a remote attacker to potentially execute arbitrary code.

The vulnerability exists due to a use-after-free error when parsing .SVG images with "<pattern>" element. A remote attacker can pass a specially crafted .SVG file to the application and perform a denial of service attack or potentially execute arbitrary code.



Remediation

Install update from vendor's website.

References