CVE-2021-3481 — Out-of-bounds Read in Qtsvg-opensource-src

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 80.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Qtsvg-opensource-src QT

Timeline

PublishedAug 22

Latest updateAug 23

Description

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶debiandebian/qtsvg-opensource-src< qtsvg-opensource-src 5.15.2-3 (bookworm)

▶CVEListV5qt/qtFixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC.

▶NVDqt/qt4 versions+3

🔴Vulnerability Details

GHSA

GHSA-jgc8-vf4g-2f67: A flaw was found in Qt↗2022-08-23

▶

OSV

CVE-2021-3481: A flaw was found in Qt↗2022-08-22

▶

📋Vendor Advisories

Ubuntu

QtSvg vulnerabilities↗2022-01-19

▶

Red Hat

qt: Out of bounds read in function QRadialFetchSimd from crafted svg file↗2021-02-22

▶

Debian

CVE-2021-3481: qtsvg-opensource-src - A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadial...↗2021

▶