CVE-2021-28025 — Integer Overflow or Wraparound in Qtsvg-opensource-src

CWE-190 — Integer Overflow or Wraparound CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 91.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Qt6-svg Debian Qtsvg-opensource-src QT

Timeline

PublishedAug 11

Description

Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/qtsvg-opensource-src< qtsvg-opensource-src 5.15.4-2 (bookworm)

▶debiandebian/qt6-svg< qtsvg-opensource-src 5.15.4-2 (bookworm)

▶NVDqt/qt4 versions+3

🔴Vulnerability Details

OSV

CVE-2021-28025: Integer Overflow vulnerability in qsvghandler↗2023-08-11

▶

GHSA

GHSA-3w9r-2mqj-cf5c: Integer Overflow vulnerability in qsvghandler↗2023-08-11

▶

📋Vendor Advisories

Red Hat

qt-qtsvg: Out of bounds read in function `QRadialFetchSimd<QSimdSse2>::fetch` when input craft svg file↗2023-08-11

▶

Debian

CVE-2021-28025: qt6-svg - Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6...↗2021

▶