---

CVE-2021-3481 - log back

CVE-2021-3481 edited at 02 Apr 2021 13:27:38
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Information disclosure
Description	+ An out-of-bounds (OOB) memory access security issue was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt. While processing a crafted SVG input file, parsed doubles are interpreted as floats, and this may lead to an unauthorised memory access problem, and may even lead to a denial of service.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1931444 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668 + https://bugreports.qt.io/browse/QTBUG-91507 + https://codereview.qt-project.org/c/qt/qtsvg/+/337587 + https://codereview.qt-project.org/gitweb?p=qt/qtsvg.git;a=commitdiff;h=0fa522904d65b73d48d5fadf690131e9ebb58d2a + https://codereview.qt-project.org/gitweb?p=qt/qtsvg.git;a=commitdiff;h=9311a42677db244cd1c584f27270fa73f69d90d7
Notes

CVE-2021-3481 created at 02 Apr 2021 13:16:02