CVE-2021-28025
Published 2023-08-11
CVE-2021-28025: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
Priority: P4, 16
CVSS 3.1: 5.5 medium, AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.27% (18.0th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qt6-svg | < qtsvg-opensource-src 5.15.4-2 (bookworm) | qtsvg-opensource-src 5.15.4-2 (bookworm) |
| debian | qtsvg-opensource-src | < qtsvg-opensource-src 5.15.4-2 (bookworm) | qtsvg-opensource-src 5.15.4-2 (bookworm) |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| qt | qt | — | — |
| ubuntu | qtsvg-opensource-src | — | — |
CVSS provenance
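| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | LOW | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |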
Ubuntu
QtSvg vulnerabilities
vendor_ubuntu·2026-05-28·CVSS 6.5
CVE-2023-32573 [MEDIUM] QtSvg vulnerabilities
Title: QtSvg vulnerabilities
Summary: Several security issues were fixed in QtSvg.
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could possibly use this issue to cause QtSvg to crash, resulting in
a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-19869)
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could use this issue to cause QtSvg to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3481,
CVE-2021-28025, CVE-2021-45930)
It was discovered that QtSvg incorrectly handled certain SVG images. An
attacker could use this issue to cause QtSvg to crash, resulting in a
denial of service, or possibly e
Red Hat
qt-qtsvg: Out of bounds read in function `QRadialFetchSimd<QSimdSse2>::fetch` when input craft svg file
vendor_redhat·2023-08-11·CVSS 5.5
CVE-2021-28025 [MEDIUM] CWE-125 qt-qtsvg: Out of bounds read in function `QRadialFetchSimd<QSimdSse2>::fetch` when input craft svg file
qt-qtsvg: Out of bounds read in function `QRadialFetchSimd<QSimdSse2>::fetch` when input craft svg file
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
A flaw was found in the qt-qtsvg package. An integer overflow vulnerability in qsvghandler.cpp allows local attackers to cause a denial of service (DoS).
Statement: This CVE is under investigation by Red Hat Product Security.
Package: qt5-qtsvg (Red Hat Enterprise Linux 7) - Out of support scope
Package: qt5-qtsvg (Red Hat Enterprise Linux 8) - Affected
Package: qt5-qtsvg (Red Hat Enterprise Linux 9) - Affected
Debian
CVE-2021-28025: qt6-svg - Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6...
vendor_debian·2021·CVSS 5.5
CVE-2021-28025 [MEDIUM] CVE-2021-28025: qt6-svg - Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6...
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
Scope: local
bookworm: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV
CVE-2021-28025: Integer Overflow vulnerability in qsvghandler
osv·2023-08-11·CVSS 5.5
CVE-2021-28025 [MEDIUM] CVE-2021-28025: Integer Overflow vulnerability in qsvghandler
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
GHSA
GHSA-3w9r-2mqj-cf5c: Integer Overflow vulnerability in qsvghandler
ghsa_unreviewed·2023-08-11
CVE-2021-28025 [MEDIUM] CWE-190 GHSA-3w9r-2mqj-cf5c: Integer Overflow vulnerability in qsvghandler
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-11