Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-14576 (GCVE-0-2025-14576)
Vulnerability from cvelistv5 – Published: 2026-04-30 12:39 – Updated: 2026-04-30 13:14
VLAI
EPSS
Title
Possible QML code injection in VectorImage component
Summary
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.
Severity
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://codereview.qt-project.org/c/qt/qtdeclarat… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Qt Company | Qt |
Affected:
6.8.0 , ≤ 6.8.6
(python)
Affected: 6.10.0 , ≤ 6.10.1 (python) |
Credits
Qt Development Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:13:55.418329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:14:04.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.qt.io/",
"defaultStatus": "unaffected",
"modules": [
"Qt Declarative (Qt Quick)",
"VectorImage Component"
],
"packageName": "qtdeclarative",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Qt",
"vendor": "The Qt Company",
"versions": [
{
"lessThanOrEqual": "6.8.6",
"status": "affected",
"version": "6.8.0",
"versionType": "python"
},
{
"lessThanOrEqual": "6.10.1",
"status": "affected",
"version": "6.10.0",
"versionType": "python"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*",
"versionEndIncluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*",
"versionEndIncluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qt Development Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application\u0027s privilege level and data access.\u003c/p\u003e"
}
],
"value": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application\u0027s privilege level and data access."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T12:51:40.517Z",
"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
"shortName": "TQtC"
},
"references": [
{
"name": "Qt Code Review - Fix for QTBUG-142556",
"tags": [
"patch"
],
"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources.\u003c/p\u003e"
}
],
"value": "Update to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Possible QML code injection in VectorImage component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
"assignerShortName": "TQtC",
"cveId": "CVE-2025-14576",
"datePublished": "2026-04-30T12:39:40.067Z",
"dateReserved": "2025-12-12T12:52:21.516Z",
"dateUpdated": "2026-04-30T13:14:04.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-14576",
"date": "2026-05-30",
"epss": "0.0001",
"percentile": "0.01135"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-14576\",\"sourceIdentifier\":\"a59d8014-47c4-4630-ab43-e1b13cbe58e3\",\"published\":\"2026-04-30T13:16:02.850\",\"lastModified\":\"2026-05-05T02:57:05.760\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application\u0027s privilege level and data access.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"a59d8014-47c4-4630-ab43-e1b13cbe58e3\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"a59d8014-47c4-4630-ab43-e1b13cbe58e3\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8.0\",\"versionEndExcluding\":\"6.8.6\",\"matchCriteriaId\":\"06BB3954-EACC-4FD9-B24D-88CBC2043FC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10.0\",\"versionEndExcluding\":\"6.10.1\",\"matchCriteriaId\":\"68D670C7-EF6F-468E-AD32-31F9169A8A20\"}]}]}],\"references\":[{\"url\":\"https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273\",\"source\":\"a59d8014-47c4-4630-ab43-e1b13cbe58e3\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-14576\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-30T13:13:55.418329Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-30T13:13:59.958Z\"}}], \"cna\": {\"title\": \"Possible QML code injection in VectorImage component\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Qt Development Team\"}], \"impacts\": [{\"capecId\": \"CAPEC-242\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-242 Code Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.4, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U\", \"exploitMaturity\": \"UNREPORTED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"The Qt Company\", \"modules\": [\"Qt Declarative (Qt Quick)\", \"VectorImage Component\"], \"product\": \"Qt\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.8.0\", \"versionType\": \"python\", \"lessThanOrEqual\": \"6.8.6\"}, {\"status\": \"affected\", \"version\": \"6.10.0\", \"versionType\": \"python\", \"lessThanOrEqual\": \"6.10.1\"}], \"platforms\": [\"Windows\", \"MacOS\", \"Linux\", \"iOS\", \"Android\", \"x86\", \"ARM\", \"64 bit\", \"32 bit\"], \"packageName\": \"qtdeclarative\", \"collectionURL\": \"https://www.qt.io/\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUpdate to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273\", \"name\": \"Qt Code Review - Fix for QTBUG-142556\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application\u0027s privilege level and data access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eInsufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application\u0027s privilege level and data access.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.8.6\", \"versionStartIncluding\": \"6.8.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}, {\"criteria\": \"cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"6.10.1\", \"versionStartIncluding\": \"6.10.0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"a59d8014-47c4-4630-ab43-e1b13cbe58e3\", \"shortName\": \"TQtC\", \"dateUpdated\": \"2026-04-30T12:51:40.517Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-14576\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-30T13:14:04.728Z\", \"dateReserved\": \"2025-12-12T12:52:21.516Z\", \"assignerOrgId\": \"a59d8014-47c4-4630-ab43-e1b13cbe58e3\", \"datePublished\": \"2026-04-30T12:39:40.067Z\", \"assignerShortName\": \"TQtC\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-14576
Vulnerability from fkie_nvd - Published: 2026-04-30 13:16 - Updated: 2026-05-05 02:57
Severity
Summary
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qt | qtdeclarative | * | |
| qt | qtdeclarative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06BB3954-EACC-4FD9-B24D-88CBC2043FC3",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D670C7-EF6F-468E-AD32-31F9169A8A20",
"versionEndExcluding": "6.10.1",
"versionStartIncluding": "6.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application\u0027s privilege level and data access."
}
],
"id": "CVE-2025-14576",
"lastModified": "2026-05-05T02:57:05.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
"type": "Secondary"
}
]
},
"published": "2026-04-30T13:16:02.850",
"references": [
{
"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
"tags": [
"Patch"
],
"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273"
}
],
"sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4HPM-V49G-RQ7Q
Vulnerability from github – Published: 2026-04-30 15:30 – Updated: 2026-05-05 03:31
VLAI
Details
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.
Severity
{
"affected": [],
"aliases": [
"CVE-2025-14576"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T13:16:02Z",
"severity": "HIGH"
},
"details": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application\u0027s privilege level and data access.",
"id": "GHSA-4hpm-v49g-rq7q",
"modified": "2026-05-05T03:31:40Z",
"published": "2026-04-30T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576"
},
{
"type": "WEB",
"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
RHSA-2026:20567
Vulnerability from csaf_redhat - Published: 2026-05-26 04:11 - Updated: 2026-05-26 09:00Summary
Red Hat Security Advisory: qt6-qtdeclarative security update
Severity
Important
Notes
Topic: An update for qt6-qtdeclarative is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Qt6 - QtDeclarative component.
Security Fix(es):
* qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file (CVE-2025-14576)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service, information disclosure, or other impacts, depending on the application's privileges and data access.
7.8 (High)
Affected products
Fixed
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qt6-qtdeclarative is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Qt6 - QtDeclarative component.\n\nSecurity Fix(es):\n\n* qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file (CVE-2025-14576)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20567",
"url": "https://access.redhat.com/errata/RHSA-2026:20567"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2464114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464114"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20567.json"
}
],
"title": "Red Hat Security Advisory: qt6-qtdeclarative security update",
"tracking": {
"current_release_date": "2026-05-26T09:00:07+00:00",
"generator": {
"date": "2026-05-26T09:00:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:20567",
"initial_release_date": "2026-05-26T04:11:05+00:00",
"revision_history": [
{
"date": "2026-05-26T04:11:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-26T04:11:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:00:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debugsource@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debuginfo@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel-debuginfo@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples-debuginfo@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-tests-debuginfo@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples@6.10.1-1.el10_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"product": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"product_id": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-static@6.10.1-1.el10_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"product": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"product_id": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative@6.10.1-1.el10_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debugsource@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debuginfo@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel-debuginfo@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples-debuginfo@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-tests-debuginfo@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples@6.10.1-1.el10_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"product": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"product_id": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-static@6.10.1-1.el10_2.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debugsource@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debuginfo@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel-debuginfo@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples-debuginfo@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-tests-debuginfo@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"product": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"product_id": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-static@6.10.1-1.el10_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debugsource@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-debuginfo@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-devel-debuginfo@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples-debuginfo@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-tests-debuginfo@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-examples@6.10.1-1.el10_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"product": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"product_id": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-qtdeclarative-static@6.10.1-1.el10_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
},
"product_reference": "qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14576",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-04-30T13:01:32.429694+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service, information disclosure, or other impacts, depending on the application\u0027s privileges and data access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14576"
},
{
"category": "external",
"summary": "RHBZ#2464114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576"
},
{
"category": "external",
"summary": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273",
"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273"
}
],
"release_date": "2026-04-30T12:39:40.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T04:11:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20567"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"AppStream-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"AppStream-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.src",
"CRB-10.2.Z:qt6-qtdeclarative-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-debugsource-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-devel-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-devel-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-examples-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-examples-debuginfo-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-static-0:6.10.1-1.el10_2.1.x86_64",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.aarch64",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.ppc64le",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.s390x",
"CRB-10.2.Z:qt6-qtdeclarative-tests-debuginfo-0:6.10.1-1.el10_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file"
}
]
}
RHSA-2026:7620
Vulnerability from csaf_redhat - Published: 2026-04-10 23:58 - Updated: 2026-05-26 09:00Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
qt5:
* qt5-filesystem-5.15.18-2.1.hum1 (aarch64, x86_64)
* qt5-rpm-macros-5.15.18-2.1.hum1 (noarch)
* qt5-srpm-macros-5.15.18-2.1.hum1 (noarch)
* qt5-5.15.18-2.1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service, information disclosure, or other impacts, depending on the application's privileges and data access.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:qt5-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:qt5-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:qt5-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:qt5-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nqt5:\n * qt5-filesystem-5.15.18-2.1.hum1 (aarch64, x86_64)\n * qt5-rpm-macros-5.15.18-2.1.hum1 (noarch)\n * qt5-srpm-macros-5.15.18-2.1.hum1 (noarch)\n * qt5-5.15.18-2.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7620",
"url": "https://access.redhat.com/errata/RHSA-2026:7620"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14576",
"url": "https://access.redhat.com/security/cve/CVE-2025-14576"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7620.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-26T09:00:07+00:00",
"generator": {
"date": "2026-05-26T09:00:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:7620",
"initial_release_date": "2026-04-10T23:58:05+00:00",
"revision_history": [
{
"date": "2026-04-10T23:58:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-06T16:35:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:00:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-main@src",
"product": {
"name": "qt5-main@src",
"product_id": "qt5-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5@5.15.18-2.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-main@aarch64",
"product": {
"name": "qt5-main@aarch64",
"product_id": "qt5-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-filesystem@5.15.18-2.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-main@x86_64",
"product": {
"name": "qt5-main@x86_64",
"product_id": "qt5-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-filesystem@5.15.18-2.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt5-main@noarch",
"product": {
"name": "qt5-main@noarch",
"product_id": "qt5-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt5-rpm-macros@5.15.18-2.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt5-main@aarch64"
},
"product_reference": "qt5-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt5-main@noarch"
},
"product_reference": "qt5-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt5-main@src"
},
"product_reference": "qt5-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt5-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt5-main@x86_64"
},
"product_reference": "qt5-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14576",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-04-30T13:01:32.429694+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service, information disclosure, or other impacts, depending on the application\u0027s privileges and data access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:qt5-main@aarch64",
"Red Hat Hardened Images:qt5-main@noarch",
"Red Hat Hardened Images:qt5-main@src",
"Red Hat Hardened Images:qt5-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14576"
},
{
"category": "external",
"summary": "RHBZ#2464114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576"
},
{
"category": "external",
"summary": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273",
"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273"
}
],
"release_date": "2026-04-30T12:39:40.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T23:58:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:qt5-main@aarch64",
"Red Hat Hardened Images:qt5-main@noarch",
"Red Hat Hardened Images:qt5-main@src",
"Red Hat Hardened Images:qt5-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7620"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:qt5-main@aarch64",
"Red Hat Hardened Images:qt5-main@noarch",
"Red Hat Hardened Images:qt5-main@src",
"Red Hat Hardened Images:qt5-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file"
}
]
}
RHSA-2026:7846
Vulnerability from csaf_redhat - Published: 2026-04-13 10:05 - Updated: 2026-05-26 09:00Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
qt6:
* qt6-filesystem-6.11.0-1.hum1 (aarch64, x86_64)
* qt6-rpm-macros-6.11.0-1.hum1 (noarch)
* qt6-srpm-macros-6.11.0-1.hum1 (noarch)
* qt6-6.11.0-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service, information disclosure, or other impacts, depending on the application's privileges and data access.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:qt6-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:qt6-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:qt6-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:qt6-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nqt6:\n * qt6-filesystem-6.11.0-1.hum1 (aarch64, x86_64)\n * qt6-rpm-macros-6.11.0-1.hum1 (noarch)\n * qt6-srpm-macros-6.11.0-1.hum1 (noarch)\n * qt6-6.11.0-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7846",
"url": "https://access.redhat.com/errata/RHSA-2026:7846"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14576",
"url": "https://access.redhat.com/security/cve/CVE-2025-14576"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7846.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-26T09:00:07+00:00",
"generator": {
"date": "2026-05-26T09:00:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:7846",
"initial_release_date": "2026-04-13T10:05:01+00:00",
"revision_history": [
{
"date": "2026-04-13T10:05:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-07T03:12:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:00:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-main@src",
"product": {
"name": "qt6-main@src",
"product_id": "qt6-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6@6.11.0-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-main@aarch64",
"product": {
"name": "qt6-main@aarch64",
"product_id": "qt6-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-filesystem@6.11.0-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-main@x86_64",
"product": {
"name": "qt6-main@x86_64",
"product_id": "qt6-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-filesystem@6.11.0-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qt6-main@noarch",
"product": {
"name": "qt6-main@noarch",
"product_id": "qt6-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qt6-rpm-macros@6.11.0-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt6-main@aarch64"
},
"product_reference": "qt6-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt6-main@noarch"
},
"product_reference": "qt6-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt6-main@src"
},
"product_reference": "qt6-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qt6-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:qt6-main@x86_64"
},
"product_reference": "qt6-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14576",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-04-30T13:01:32.429694+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service, information disclosure, or other impacts, depending on the application\u0027s privileges and data access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:qt6-main@aarch64",
"Red Hat Hardened Images:qt6-main@noarch",
"Red Hat Hardened Images:qt6-main@src",
"Red Hat Hardened Images:qt6-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14576"
},
{
"category": "external",
"summary": "RHBZ#2464114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576"
},
{
"category": "external",
"summary": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273",
"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273"
}
],
"release_date": "2026-04-30T12:39:40.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T10:05:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:qt6-main@aarch64",
"Red Hat Hardened Images:qt6-main@noarch",
"Red Hat Hardened Images:qt6-main@src",
"Red Hat Hardened Images:qt6-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7846"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:qt6-main@aarch64",
"Red Hat Hardened Images:qt6-main@noarch",
"Red Hat Hardened Images:qt6-main@src",
"Red Hat Hardened Images:qt6-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…