CVE-2021-3481 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	An out-of-bounds (OOB) memory access security issue was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt. While processing a crafted SVG input file, parsed doubles are interpreted as floats, and this may lead to an unauthorised memory access problem, and may even lead to a denial of service.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1769	qt5-svg	5.15.2-1	5.15.2-2	Medium	Fixed	FS#70262
AVG-1768	qt6-svg	6.0.2-1	6.0.3-1	Medium	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1931444 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668 https://bugreports.qt.io/browse/QTBUG-91507 https://codereview.qt-project.org/c/qt/qtsvg/+/337587 https://codereview.qt-project.org/gitweb?p=qt/qtsvg.git;a=commitdiff;h=0fa522904d65b73d48d5fadf690131e9ebb58d2a https://codereview.qt-project.org/gitweb?p=qt/qtsvg.git;a=commitdiff;h=9311a42677db244cd1c584f27270fa73f69d90d7

References

https://bugzilla.redhat.com/show_bug.cgi?id=1931444
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668
https://bugreports.qt.io/browse/QTBUG-91507
https://codereview.qt-project.org/c/qt/qtsvg/+/337587
https://codereview.qt-project.org/gitweb?p=qt/qtsvg.git;a=commitdiff;h=0fa522904d65b73d48d5fadf690131e9ebb58d2a
https://codereview.qt-project.org/gitweb?p=qt/qtsvg.git;a=commitdiff;h=9311a42677db244cd1c584f27270fa73f69d90d7