qtsvg-opensource-src - Debian Package Tracker

general

source: qtsvg-opensource-src (main)
version: 5.15.17-3
maintainer: Debian Qt/KDE Maintainers (archive) (DMD)
uploaders: Sune Vuorela [DMD] – Timo Jyrinki [DMD] – Pino Toscano [DMD] – Felix Geyer [DMD] – Dmitry Shachnev [DMD] – Simon Quigley [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.15.2-3
oldstable: 5.15.8-3
stable: 5.15.15-2
testing: 5.15.17-3
unstable: 5.15.17-3
exp: 5.15.18-1

versioned links

5.15.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.8-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.15-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.17-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.18-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libqt5svg5
libqt5svg5-dev
qtsvg5-doc
qtsvg5-doc-html
qtsvg5-examples

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

1 important issue:

CVE-2026-6210: A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a <line> element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.

1 issue left for the package maintainer to handle:

CVE-2025-10729: (needs triaging) The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-04 Last update: 2026-05-08 14:03

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2026-6210: A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a <line> element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.
CVE-2025-10729: The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

Created: 2025-10-04 Last update: 2026-05-08 14:03

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2026-6210: A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a <line> element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.
CVE-2025-10729: The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

Created: 2025-10-04 Last update: 2026-05-08 14:03

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2026-6210: A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a <line> element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.

1 issue left for the package maintainer to handle:

CVE-2025-10729: (needs triaging) The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-04 Last update: 2026-05-08 14:03

5 security issues in bullseye high

There are 5 open security issues in bullseye.

1 important issue:

CVE-2026-6210: A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a <line> element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.

4 issues postponed or untriaged:

CVE-2021-28025: (needs triaging) Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVE-2021-45930: (needs triaging) Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
CVE-2023-32573: (needs triaging) In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
CVE-2025-10729: (needs triaging) The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

Created: 2026-05-08 Last update: 2026-05-08 14:03

A new upstream version is available: 5.15.18 high

A new upstream version 5.15.18 is available, you should consider packaging it.

Created: 2025-11-27 Last update: 2026-05-08 13:31

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2026-01-09 Last update: 2026-05-08 02:04

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 5.15.17-3 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-12-31 10:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-03-31 15:01

news

[rss feed]

[2026-01-08] Accepted qtsvg-opensource-src 5.15.18-1 (source) into experimental (Dmitry Shachnev)
[2026-01-06] qtsvg-opensource-src 5.15.17-3 MIGRATED to testing (Debian testing watch)
[2025-12-30] Accepted qtsvg-opensource-src 5.15.17-3 (source) into unstable (Dmitry Shachnev)
[2025-09-10] qtsvg-opensource-src 5.15.17-2 MIGRATED to testing (Debian testing watch)
[2025-09-01] Accepted qtsvg-opensource-src 5.15.17-2 (source) into unstable (Dmitry Shachnev)
[2025-07-07] Accepted qtsvg-opensource-src 5.15.17-1 (source) into experimental (Dmitry Shachnev)
[2024-11-06] qtsvg-opensource-src 5.15.15-2 MIGRATED to testing (Debian testing watch)
[2024-10-25] Accepted qtsvg-opensource-src 5.15.15-2 (source) into unstable (Dmitry Shachnev)
[2024-09-06] Accepted qtsvg-opensource-src 5.15.15-1 (source) into experimental (Dmitry Shachnev)
[2024-05-31] qtsvg-opensource-src 5.15.13-2 MIGRATED to testing (Debian testing watch)
[2024-05-21] Accepted qtsvg-opensource-src 5.15.13-2 (source) into unstable (Dmitry Shachnev)
[2024-03-10] Accepted qtsvg-opensource-src 5.15.13-1 (source) into experimental (Dmitry Shachnev)
[2023-12-23] Accepted qtsvg-opensource-src 5.15.12-1 (source) into experimental (Dmitry Shachnev)
[2023-07-27] qtsvg-opensource-src 5.15.10-2 MIGRATED to testing (Debian testing watch)
[2023-07-08] Accepted qtsvg-opensource-src 5.15.10-2 (source) into unstable (Dmitry Shachnev)
[2023-06-11] Accepted qtsvg-opensource-src 5.15.10-1 (source) into experimental (Dmitry Shachnev)
[2023-05-24] qtsvg-opensource-src 5.15.8-3 MIGRATED to testing (Debian testing watch)
[2023-05-21] Accepted qtsvg-opensource-src 5.15.8-3 (source) into unstable (Dmitry Shachnev)
[2023-04-22] Accepted qtsvg-opensource-src 5.15.9-1 (source) into experimental (Dmitry Shachnev)
[2023-01-22] qtsvg-opensource-src 5.15.8-2 MIGRATED to testing (Debian testing watch)
[2023-01-13] Accepted qtsvg-opensource-src 5.15.8-2 (source) into unstable (Dmitry Shachnev)
[2023-01-06] Accepted qtsvg-opensource-src 5.15.8-1 (source) into experimental (Dmitry Shachnev)
[2022-12-30] qtsvg-opensource-src 5.15.7-2 MIGRATED to testing (Debian testing watch)
[2022-12-19] Accepted qtsvg-opensource-src 5.15.7-2 (source) into unstable (Dmitry Shachnev)
[2022-12-04] Accepted qtsvg-opensource-src 5.15.7-1 (source) into experimental (Dmitry Shachnev)
[2022-10-28] qtsvg-opensource-src 5.15.6-2 MIGRATED to testing (Debian testing watch)
[2022-09-29] Accepted qtsvg-opensource-src 5.15.6-2 (source) into unstable (Dmitry Shachnev)
[2022-09-11] Accepted qtsvg-opensource-src 5.15.6-1 (source) into experimental (Dmitry Shachnev)
[2022-07-26] Accepted qtsvg-opensource-src 5.15.5-1 (source) into experimental (Dmitry Shachnev)
[2022-06-22] qtsvg-opensource-src 5.15.4-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, exp, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.15.18-1
1 bug