Description

A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a <line> element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG:  from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.

INFO

Published Date :

2026-05-06T11:59:01.727Z

Last Modified :

2026-05-06T13:11:44.674Z

Source :

TQtC
AFFECTED PRODUCTS

The following products are affected by CVE-2026-6210 vulnerability.

Vendors Products
The Qt Company
  • Qt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6210.

URL Resource
https://codereview.qt-project.org/c/qt/qtsvg/+/724887 cve-icon cve-icon
https://issues.oss-fuzz.com/issues/496327371 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability