CVE-2026-6210
Type Confusion in Qt SVG via Malicious SVG Image
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: TQtC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qt | svg | From 6.7.0 (inc) to 6.8.8 (exc) |
| qt | svg | From 6.9.0 (inc) to 6.11.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a type confusion issue in Qt SVG where the renderer incorrectly casts a node retrieved by its id attribute to a QSvgMarker* without verifying the actual node type.
If a non-marker element, such as a <line> element, references itself as a marker, it causes an out-of-bounds heap read due to differences in object sizes between QSvgLine and QSvgMarker.
This leads to endless recursion that bypasses the marker recursion guard because of incorrect virtual dispatch, ultimately causing the application to crash, resulting in a denial of service.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that an attacker can cause an application using Qt SVG to crash by providing a specially crafted SVG image.
This crash results in a denial of service, potentially disrupting normal application operations and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability described is a type confusion issue in Qt SVG that leads to an application crash (denial of service) when processing crafted SVG images.
There is no information provided in the context or resources about any impact on data confidentiality, integrity, or availability beyond causing a denial of service.
Because the vulnerability results in denial of service without indication of data breach or unauthorized data access, there is no direct evidence from the provided information that it affects compliance with standards like GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Qt SVG component to a fixed version. Specifically, upgrade from versions 6.7.0 before 6.8.8 or from 6.9.0 before 6.11.1 to a version that includes the fix.
Avoid processing untrusted or crafted SVG images that could exploit the type confusion vulnerability until the update is applied.