CVE-2025-10729 PUBLISHED

Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG

Assigner: TQtC
Reserved: 19.09.2025 Published: 03.10.2025 Updated: 06.10.2025

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red
CVSS Score: 9.4

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	The Qt Company
Product	Qt
Versions	Default: unaffected affected from 6.7.0 to 6.8.4 (incl.) affected from 6.9.0 to 6.9.2 (incl.)

Credits

OSS-Fuzz finder
Oddmund Skogen finder

References

https://codereview.qt-project.org/c/qt/qtsvg/+/676473

Problem Types

CWE-416 Use After Free CWE

Impacts

CAPEC-129 Pointer Manipulation