Unrated severityNVD Advisory· Published May 28, 2023· Updated Aug 2, 2024

CVE-2023-32763

Description

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

Affected products

Qt/Qtdescription
osv-coords49 versions
pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/qt6-base&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/qt6-base-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4-devel-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt4-sql-plugins&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/libqt5-qtbase&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/qt6-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 5.15.2+kde294-150400.6.6.1+ 48 more
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.3.1
- (no CPE)range: < 5.15.9+kde154-1.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.3.1
- (no CPE)range: < 6.5.2-2.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.3.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.22.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 4.8.7-8.19.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.3.1
- (no CPE)range: < 5.15.2+kde294-150400.6.6.1
- (no CPE)range: < 5.15.8+kde185-150500.4.3.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.12.7-150200.4.20.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 5.6.2-6.33.1
- (no CPE)range: < 6.4.2-150500.3.3.1
- (no CPE)range: < 6.2.2-150400.4.6.1
- (no CPE)range: < 6.4.2-150500.3.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202402-03mitrevendor-advisory
lists.debian.org/debian-lts-announce/2023/08/msg00028.htmlmitremailing-list
lists.debian.org/debian-lts-announce/2024/04/msg00027.htmlmitremailing-list
codereview.qt-project.org/c/qt/qtbase/+/476125mitre
lists.qt-project.org/pipermail/announce/2023-May/000413.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000