+ qtsvg: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to execution of arbitrary code.
+ qtsvg
+ 2025-11-24
+ 2025-11-24
+ 915998
+ 963710
+ local and remote
+
+
+ 6.9.3:6
+ 6.9.3:6
+
+
+
+ qtsvg is a SVG rendering library for the Qt framework.
+
+
+ Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All qtsvg users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-6.9.3"
+
+
+
+ CVE-2023-45872
+ CVE-2025-10728
+ CVE-2025-10729
+
+ graaff
+ sam
+
diff --git a/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-03-expected.json b/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-03-expected.json
new file mode 100644
index 000000000..4b65d7b07
--- /dev/null
+++ b/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-03-expected.json
@@ -0,0 +1,59 @@
+[
+ {
+ "advisory_id": "GLSA-202511-03",
+ "aliases": [
+ "CVE-2023-45872",
+ "CVE-2025-10728",
+ "CVE-2025-10729"
+ ],
+ "summary": "Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to execution of arbitrary code.",
+ "affected_packages": [
+ {
+ "package": {
+ "type": "ebuild",
+ "namespace": "dev-qt",
+ "name": "qtsvg",
+ "version": "",
+ "qualifiers": "",
+ "subpath": ""
+ },
+ "affected_version_range": "vers:ebuild/<6.9.3",
+ "fixed_version_range": null,
+ "introduced_by_commit_patches": [],
+ "fixed_by_commit_patches": []
+ },
+ {
+ "package": {
+ "type": "ebuild",
+ "namespace": "dev-qt",
+ "name": "qtsvg",
+ "version": "",
+ "qualifiers": "",
+ "subpath": ""
+ },
+ "affected_version_range": null,
+ "fixed_version_range": "vers:ebuild/>=6.9.3",
+ "introduced_by_commit_patches": [],
+ "fixed_by_commit_patches": []
+ }
+ ],
+ "references": [
+ {
+ "reference_id": "GLSA-202511-03",
+ "reference_type": "",
+ "url": "https://security.gentoo.org/glsa/202511-03"
+ }
+ ],
+ "patches": [],
+ "severities": [
+ {
+ "system": "generic_textual",
+ "value": "high",
+ "scoring_elements": ""
+ }
+ ],
+ "date_published": null,
+ "weaknesses": [],
+ "url": "https://security.gentoo.org/glsa/202511-03"
+ }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-03.xml b/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-03.xml
new file mode 100644
index 000000000..0ee9d44d5
--- /dev/null
+++ b/vulnerabilities/tests/test_data/gentoo_v2/glsa-202511-03.xml
@@ -0,0 +1,45 @@
+
+
+