First published: Fri Dec 31 2021(Updated: )
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Qt Qtsvg | >=5.0.0<=5.15.2 | |
Qt Qtsvg | >=6.0.0<=6.2.1 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Debian Debian Linux | =9.0 | |
>=5.0.0<=5.15.2 | ||
>=6.0.0<=6.2.1 | ||
=34 | ||
=35 | ||
=9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-45930 is a vulnerability in Qt SVG that allows for an out-of-bounds write in certain operations.
Qt SVG versions 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 are affected by CVE-2021-45930.
CVE-2021-45930 has a severity rating of 5.5, which is considered medium.
To fix CVE-2021-45930, it is recommended to upgrade Qt SVG to a version that is not affected.
More information about CVE-2021-45930 can be found in the following references: [reference links]