Bug#1002991: qtsvg-opensource-src: CVE-2021-45930
Source: qtsvg-opensource-src
Version: 5.15.2-3
Severity: important
Tags: security upstream
Forwarded: https://bugreports.qt.io/browse/QTBUG-96044
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 5.11.3-2
Hi,
The following vulnerability was published for qtsvg-opensource-src.
CVE-2021-45930[0]:
| Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-
| of-bounds write in
| QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend
| (called from QPainterPath::addPath and QPathClipper::intersect).
Note that for 5.12.y it was fixed with [6] in 5.12.12, but remains
unfixed in 5.15.2. The corresponding QT bug does not seem public,
still marking it as forwarded there.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-45930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45930
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
[3] https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
[4] https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev)
[5] https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2)
[6] https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12)
[7] https://bugreports.qt.io/browse/QTBUG-96044
Regards,
Salvatore
Reply to: