CVE-2026-6210— Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6210
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash
Source: NVD (National Vulnerability Database)
Vulnerability Description
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a <line> element) that references itself as a marker triggers an out-of-bounds heap read due to the object size difference between QSvgLine and QSvgMarker, followed by an endless recursion that bypasses the marker recursion guard through incorrect virtual dispatch. The result is an application crash (denial of service). This issue affects Qt SVG: from 6.7.0 before 6.8.8, from 6.9.0 before 6.11.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不兼容类型访问资源(类型混淆)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Qt Company | Qt | 6.7.0 ~ 6.8.8 | - |
II. Public POCs for CVE-2026-6210
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6210
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Qt
- CVE-2025-14576
Possible QML code injection in VectorImage component - CVE-2025-12385
Improper validation of <img> tag size in Text component pars - CVE-2025-23050
Qt 缓冲区错误漏洞 - CVE-2025-6338
Possible denial of service with multiple incoming connection - CVE-2025-10729
Use-after-free vulnerability in Qt SVG qsvghandler.cpp allow
Same vendor: The Qt Company
- CVE-2025-14576
Possible QML code injection in VectorImage component - CVE-2025-12385
Improper validation of <img> tag size in Text component pars - CVE-2025-6338
Possible denial of service with multiple incoming connection - CVE-2025-10729
Use-after-free vulnerability in Qt SVG qsvghandler.cpp allow - CVE-2025-10728
Uncontrolled recursion in Qt SVG module
V. Comments for CVE-2026-6210
No comments yet