Unrated severityNVD Advisory· Published Aug 22, 2022· Updated Aug 3, 2024

CVE-2021-3481

Description

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.

Affected products

114

Qt/Qtbasedescription
osv-coords113 versions
pkg:rpm/almalinux/adwaita-qt5 pkg:rpm/almalinux/libadwaita-qt5 pkg:rpm/almalinux/python3-pyqt5-sip pkg:rpm/almalinux/python3-qt5 pkg:rpm/almalinux/python3-qt5-base pkg:rpm/almalinux/python3-qt5-devel pkg:rpm/almalinux/python3-sip-devel pkg:rpm/almalinux/python3-wx-siplib pkg:rpm/almalinux/python-qt5-rpm-macros pkg:rpm/almalinux/qgnomeplatform pkg:rpm/almalinux/qt5-assistant pkg:rpm/almalinux/qt5-designer pkg:rpm/almalinux/qt5-devel pkg:rpm/almalinux/qt5-doctools pkg:rpm/almalinux/qt5-linguist pkg:rpm/almalinux/qt5-qdbusviewer pkg:rpm/almalinux/qt5-qt3d pkg:rpm/almalinux/qt5-qt3d-devel pkg:rpm/almalinux/qt5-qt3d-examples pkg:rpm/almalinux/qt5-qtbase pkg:rpm/almalinux/qt5-qtbase-common pkg:rpm/almalinux/qt5-qtbase-devel pkg:rpm/almalinux/qt5-qtbase-examples pkg:rpm/almalinux/qt5-qtbase-gui pkg:rpm/almalinux/qt5-qtbase-mysql pkg:rpm/almalinux/qt5-qtbase-odbc pkg:rpm/almalinux/qt5-qtbase-postgresql pkg:rpm/almalinux/qt5-qtbase-private-devel pkg:rpm/almalinux/qt5-qtbase-static pkg:rpm/almalinux/qt5-qtcanvas3d pkg:rpm/almalinux/qt5-qtcanvas3d-examples pkg:rpm/almalinux/qt5-qtconnectivity pkg:rpm/almalinux/qt5-qtconnectivity-devel pkg:rpm/almalinux/qt5-qtconnectivity-examples pkg:rpm/almalinux/qt5-qtdeclarative pkg:rpm/almalinux/qt5-qtdeclarative-devel pkg:rpm/almalinux/qt5-qtdeclarative-examples pkg:rpm/almalinux/qt5-qtdeclarative-static pkg:rpm/almalinux/qt5-qtdoc pkg:rpm/almalinux/qt5-qtgraphicaleffects pkg:rpm/almalinux/qt5-qtimageformats pkg:rpm/almalinux/qt5-qtlocation pkg:rpm/almalinux/qt5-qtlocation-devel pkg:rpm/almalinux/qt5-qtlocation-examples pkg:rpm/almalinux/qt5-qtmultimedia pkg:rpm/almalinux/qt5-qtmultimedia-devel pkg:rpm/almalinux/qt5-qtmultimedia-examples pkg:rpm/almalinux/qt5-qtquickcontrols pkg:rpm/almalinux/qt5-qtquickcontrols2 pkg:rpm/almalinux/qt5-qtquickcontrols2-devel pkg:rpm/almalinux/qt5-qtquickcontrols2-examples pkg:rpm/almalinux/qt5-qtquickcontrols-examples pkg:rpm/almalinux/qt5-qtscript pkg:rpm/almalinux/qt5-qtscript-devel pkg:rpm/almalinux/qt5-qtscript-examples pkg:rpm/almalinux/qt5-qtsensors pkg:rpm/almalinux/qt5-qtsensors-devel pkg:rpm/almalinux/qt5-qtsensors-examples pkg:rpm/almalinux/qt5-qtserialbus pkg:rpm/almalinux/qt5-qtserialbus-devel pkg:rpm/almalinux/qt5-qtserialbus-examples pkg:rpm/almalinux/qt5-qtserialport pkg:rpm/almalinux/qt5-qtserialport-devel pkg:rpm/almalinux/qt5-qtserialport-examples pkg:rpm/almalinux/qt5-qtsvg pkg:rpm/almalinux/qt5-qtsvg-devel pkg:rpm/almalinux/qt5-qtsvg-examples pkg:rpm/almalinux/qt5-qttools pkg:rpm/almalinux/qt5-qttools-common pkg:rpm/almalinux/qt5-qttools-devel pkg:rpm/almalinux/qt5-qttools-examples pkg:rpm/almalinux/qt5-qttools-libs-designer pkg:rpm/almalinux/qt5-qttools-libs-designercomponents pkg:rpm/almalinux/qt5-qttools-libs-help pkg:rpm/almalinux/qt5-qttools-static pkg:rpm/almalinux/qt5-qttranslations pkg:rpm/almalinux/qt5-qtwayland pkg:rpm/almalinux/qt5-qtwayland-devel pkg:rpm/almalinux/qt5-qtwayland-examples pkg:rpm/almalinux/qt5-qtwebchannel pkg:rpm/almalinux/qt5-qtwebchannel-devel pkg:rpm/almalinux/qt5-qtwebchannel-examples pkg:rpm/almalinux/qt5-qtwebsockets pkg:rpm/almalinux/qt5-qtwebsockets-devel pkg:rpm/almalinux/qt5-qtwebsockets-examples pkg:rpm/almalinux/qt5-qtx11extras pkg:rpm/almalinux/qt5-qtx11extras-devel pkg:rpm/almalinux/qt5-qtxmlpatterns pkg:rpm/almalinux/qt5-qtxmlpatterns-devel pkg:rpm/almalinux/qt5-qtxmlpatterns-examples pkg:rpm/almalinux/qt5-rpm-macros pkg:rpm/almalinux/qt5-srpm-macros pkg:rpm/almalinux/sip pkg:rpm/opensuse/libqt5-qtsvg&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/libqt5-qtsvg&distro=openSUSE%20Leap%2015.3 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 1.2.1-3.el8+ 112 more
- (no CPE)range: < 1.2.1-3.el8
- (no CPE)range: < 1.2.1-3.el8
- (no CPE)range: < 4.19.24-2.el8
- (no CPE)range: < 5.15.0-2.el8
- (no CPE)range: < 5.15.0-2.el8
- (no CPE)range: < 5.15.0-2.el8
- (no CPE)range: < 4.19.24-2.el8
- (no CPE)range: < 4.19.24-2.el8
- (no CPE)range: < 5.15.0-2.el8
- (no CPE)range: < 0.7.1-2.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-1.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.12.5-3.el8
- (no CPE)range: < 5.12.5-3.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-1.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-3.el8
- (no CPE)range: < 5.15.2-1.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-2.el8
- (no CPE)range: < 5.15.2-1.el8
- (no CPE)range: < 5.15.2-1.el8
- (no CPE)range: < 4.19.24-2.el8
- (no CPE)range: < 5.12.7-lp152.2.3.1
- (no CPE)range: < 5.12.7-3.3.1
- (no CPE)range: < 4.8.7-8.16.2
- (no CPE)range: < 4.8.7-8.16.2
- (no CPE)range: < 4.8.7-8.16.2
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 4.8.7-8.16.1
- (no CPE)range: < 5.12.7-3.3.1
- (no CPE)range: < 5.12.7-3.3.1
- (no CPE)range: < 5.12.7-3.3.1
- (no CPE)range: < 5.12.7-3.3.1
- (no CPE)range: < 5.6.2-3.6.1
- (no CPE)range: < 5.6.2-3.6.1
- (no CPE)range: < 5.6.2-3.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlmitremailing-list
access.redhat.com/security/cve/CVE-2021-3481mitre
bugreports.qt.io/browse/QTBUG-91507mitre
bugzilla.redhat.com/show_bug.cgimitre
codereview.qt-project.org/c/qt/qtsvg/+/337646mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000