Unrated severityNVD Advisory· Published Dec 31, 2021· Updated Aug 4, 2024
CVE-2021-45930
CVE-2021-45930
Description
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Affected products
30- Qt/Qt SVGdescription
- osv-coords29 versionspkg:rpm/almalinux/qt5-qtsvgpkg:rpm/almalinux/qt5-qtsvg-develpkg:rpm/almalinux/qt5-qtsvg-examplespkg:rpm/opensuse/libqt5-qtsvg&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/libqt5-qtsvg&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Manager%20Server%204.2
< 5.15.2-4.el8+ 28 more
- (no CPE)range: < 5.15.2-4.el8
- (no CPE)range: < 5.15.2-4.el8
- (no CPE)range: < 5.15.2-4.el8
- (no CPE)range: < 5.15.2+kde16-150400.3.3.1
- (no CPE)range: < 5.15.8+kde8-150500.3.3.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 5.15.2+kde16-150400.3.3.1
- (no CPE)range: < 5.15.8+kde8-150500.3.3.1
- (no CPE)range: < 5.15.2+kde16-150400.3.3.1
- (no CPE)range: < 5.15.8+kde8-150500.3.3.1
- (no CPE)range: < 5.12.7-150200.3.8.1
- (no CPE)range: < 5.6.2-3.11.1
- (no CPE)range: < 5.6.2-3.11.1
- (no CPE)range: < 5.6.2-3.11.1
- (no CPE)range: < 5.12.7-150200.3.8.1
- (no CPE)range: < 5.12.7-150200.3.8.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GKOKVCSDZSOWWR3HOW5XUIUJC4MKQY5/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZIXNSX7FV733TWTTLY6FHSH3SCNQKKD/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V75XNX4GDB64N5BSOAN474RUXXS5OHRU/mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2022/01/msg00020.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2022/01/msg00022.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlmitremailing-list
- bugs.chromium.org/p/oss-fuzz/issues/detailmitre
- bugs.chromium.org/p/oss-fuzz/issues/detailmitre
- github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yamlmitre
- github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620mitre
- github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670mitre
- github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fcmitre
News mentions
0No linked articles in our index yet.