EUVD-2025-32487
2025-10-03
a59d8014-47c4-4630-ab43-e1b13cbe58e3
9.4
CVSS 4.0
Share
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
P
Lifecycle Timeline
4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 13, 2026 - 19:29 vuln.today
EUVD ID Assigned
Mar 13, 2026 - 19:29 euvd
EUVD-2025-32487
CVE Published
Oct 03, 2025 - 16:16 nvd
CRITICAL 9.4
Description
When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS
Analysis
Stack overflow DoS in SVG rendering via recursive pattern elements.
Technical Context
CWE-674 recursive pattern rendering.
Affected Products
['Affected SVG renderer']
Remediation
Apply fix.
Priority Score
47
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +47
POC: 0
Vendor Status
Ubuntu
Priority: Mediumqt6-svg
| Release | Status | Version |
|---|---|---|
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
qtsvg-opensource-src
| Release | Status | Version |
|---|---|---|
| bionic | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | 5.15.3-1 |
| noble | not-affected | 5.15.13-1 |
| plucky | not-affected | 5.15.15-2 |
| upstream | released | 6.9.3 |
| xenial | not-affected | code not present |
| questing | not-affected | 5.15.17-1 |
Debian
Bug #1117447qt6-svg
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm | not-affected | - | - |
| trixie | vulnerable | 6.8.2-3 | - |
| forky, sid | fixed | 6.9.2-5 | - |
| (unstable) | fixed | 6.9.2-3 | - |
qtsvg-opensource-src
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 5.15.2-3 | - |
| bookworm | fixed | 5.15.8-3 | - |
| trixie | fixed | 5.15.15-2 | - |
| forky, sid | fixed | 5.15.17-3 | - |
| (unstable) | not-affected | - | - |
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).