CVE-2025-10729 - Vulnerability Details - OpenCVE

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://codereview.qt-project.org/c/qt/qtsvg/+/676473

History

Fri, 03 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 03 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Title		Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG
Weaknesses		CWE-416
References		https://codereview.qt-project.org/c/qt/qtsvg/+/676473
Metrics		cvssV4_0 `{'score': 9.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: TQtC

Published: 2025-10-03T14:39:20.433Z

Updated: 2025-10-03T14:54:57.318Z

Reserved: 2025-09-19T14:01:08.672Z

Link: CVE-2025-10729

Vulnrichment

Updated: 2025-10-03T14:54:49.345Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10729", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "state": "PUBLISHED", "assignerShortName": "TQtC", "dateReserved": "2025-09-19T14:01:08.672Z", "datePublished": "2025-10-03T14:39:20.433Z", "dateUpdated": "2025-10-03T14:54:57.318Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Qt SVG"], "product": "Qt", "vendor": "The Qt Company", "versions": [{"lessThanOrEqual": "6.8.4", "status": "affected", "version": "6.7.0", "versionType": "python"}, {"lessThanOrEqual": "6.9.2", "status": "affected", "version": "6.9.0", "versionType": "python"}]}], "credits": [{"lang": "en", "type": "finder", "value": "OSS-Fuzz"}], "datePublic": "2025-10-03T14:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free."}], "value": "The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free."}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2025-10-03T14:39:20.433Z"}, "references": [{"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/676473"}], "source": {"discovery": "UNKNOWN"}, "title": "Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-03T14:54:46.096203Z", "id": "CVE-2025-10729", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T14:54:57.318Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10729", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-03T14:54:46.096203Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T14:54:49.345Z"}}], "cna": {"title": "Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "OSS-Fuzz"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Qt Company", "modules": ["Qt SVG"], "product": "Qt", "versions": [{"status": "affected", "version": "6.7.0", "versionType": "python", "lessThanOrEqual": "6.8.4"}, {"status": "affected", "version": "6.9.0", "versionType": "python", "lessThanOrEqual": "6.9.2"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-03T14:38:00.000Z", "references": [{"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/676473"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.", "supportingMedia": [{"type": "text/html", "value": "The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2025-10-03T14:39:20.433Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10729", "state": "PUBLISHED", "dateUpdated": "2025-10-03T14:54:57.318Z", "dateReserved": "2025-09-19T14:01:08.672Z", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "datePublished": "2025-10-03T14:39:20.433Z", "assignerShortName": "TQtC"}, "dataVersion": "5.1"}