Skip to main content

Ubuntu CVE-2025-10728

| EUVDEUVD-2025-32487 CRITICAL
Uncontrolled Recursion (CWE-674)
2025-10-03 a59d8014-47c4-4630-ab43-e1b13cbe58e3
Critical
Disputed · 9.4 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red
Ubuntu
MEDIUM
qualitative
SUSE
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Red Hat
4.0 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
P

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 19:29 euvd
EUVD-2025-32487
Analysis Generated
Mar 13, 2026 - 19:29 vuln.today
CVE Published
Oct 03, 2025 - 16:16 nvd
CRITICAL 9.4

DescriptionCVE.org

When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS

AnalysisAI

Stack overflow DoS in SVG rendering via recursive pattern elements.

Technical ContextAI

CWE-674 recursive pattern rendering.

RemediationAI

Apply fix.

Vendor StatusVendor

Ubuntu

Priority: Medium
qt6-svg
Release Status Version
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
plucky ignored end of life, was needs-triage
questing needs-triage -
qtsvg-opensource-src
Release Status Version
bionic not-affected code not present
focal not-affected code not present
jammy not-affected 5.15.3-1
noble not-affected 5.15.13-1
plucky not-affected 5.15.15-2
upstream released 6.9.3
xenial not-affected code not present
questing not-affected 5.15.17-1

Debian

Bug #1117447
qt6-svg
Release Status Fixed Version Urgency
bookworm not-affected - -
trixie vulnerable 6.8.2-3 -
forky, sid fixed 6.9.2-5 -
(unstable) fixed 6.9.2-3 -
qtsvg-opensource-src
Release Status Fixed Version Urgency
bullseye fixed 5.15.2-3 -
bookworm fixed 5.15.8-3 -
trixie fixed 5.15.15-2 -
forky, sid fixed 5.15.17-3 -
(unstable) not-affected - -

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2025-10728 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy