Unrated severityNVD Advisory· Published May 10, 2023· Updated Jan 27, 2025

CVE-2023-32573

Description

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.

Affected products

Qt/Qtdescription
osv-coords47 versions
pkg:rpm/almalinux/qt5 pkg:rpm/almalinux/qt5-devel pkg:rpm/almalinux/qt5-qtbase pkg:rpm/almalinux/qt5-qtbase-common pkg:rpm/almalinux/qt5-qtbase-devel pkg:rpm/almalinux/qt5-qtbase-examples pkg:rpm/almalinux/qt5-qtbase-gui pkg:rpm/almalinux/qt5-qtbase-mysql pkg:rpm/almalinux/qt5-qtbase-odbc pkg:rpm/almalinux/qt5-qtbase-postgresql pkg:rpm/almalinux/qt5-qtbase-private-devel pkg:rpm/almalinux/qt5-qtbase-static pkg:rpm/almalinux/qt5-qtsvg pkg:rpm/almalinux/qt5-qtsvg-devel pkg:rpm/almalinux/qt5-qtsvg-examples pkg:rpm/almalinux/qt5-rpm-macros pkg:rpm/almalinux/qt5-srpm-macros pkg:rpm/opensuse/libqt5-qtsvg&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/libqt5-qtsvg&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/qt6-svg&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/qt6-svg-docs&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/libqt5-qtsvg&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/qt6-svg&distro=SUSE%20Package%20Hub%2015%20SP4 pkg:rpm/suse/qt6-svg-docs&distro=SUSE%20Package%20Hub%2015%20SP4
< 5.15.9-1.el9+ 46 more
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.9-7.el9
- (no CPE)range: < 5.15.3-2.el8
- (no CPE)range: < 5.15.3-2.el8
- (no CPE)range: < 5.15.3-2.el8
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.9-1.el9
- (no CPE)range: < 5.15.2+kde16-150400.3.3.1
- (no CPE)range: < 5.15.8+kde8-150500.3.3.1
- (no CPE)range: < 6.2.2-bp154.2.3.1
- (no CPE)range: < 6.2.2-bp154.2.3.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 5.15.2+kde16-150400.3.3.1
- (no CPE)range: < 5.15.8+kde8-150500.3.3.1
- (no CPE)range: < 5.15.2+kde16-150400.3.3.1
- (no CPE)range: < 5.15.8+kde8-150500.3.3.1
- (no CPE)range: < 5.12.7-150200.3.8.1
- (no CPE)range: < 5.6.2-3.11.1
- (no CPE)range: < 5.6.2-3.11.1
- (no CPE)range: < 5.6.2-3.11.1
- (no CPE)range: < 5.12.7-150200.3.8.1
- (no CPE)range: < 5.12.7-150200.3.8.1
- (no CPE)range: < 6.2.2-bp154.2.3.1
- (no CPE)range: < 6.2.2-bp154.2.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX/mitrevendor-advisory
lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlmitremailing-list
codereview.qt-project.org/c/qt/qtsvg/+/474093mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000