CVE-2021-3481

Published: 8/22/2022 Last updated: 8/3/2024 Reserved: 4/1/2021

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qt oqamldebug

Products affected (1)

Product	Vendor	Version
qt	n/a	< 31e98e277ae47f56632e4d663b1d4fd12ba33ea8

References (20)

https://bugreports.qt.io/browse/QTBUG-91507
https://codereview.qt-project.org/c/qt/qtsvg/+/337646
https://bugzilla.redhat.com/show_bug.cgi?id=1931444
https://access.redhat.com/security/cve/CVE-2021-3481
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
https://bugreports.qt.io/browse/QTBUG-91507
https://codereview.qt-project.org/c/qt/qtsvg/+/337646
https://bugzilla.redhat.com/show_bug.cgi?id=1931444
https://access.redhat.com/security/cve/CVE-2021-3481
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
https://bugreports.qt.io/browse/QTBUG-91507
https://codereview.qt-project.org/c/qt/qtsvg/+/337646
https://bugzilla.redhat.com/show_bug.cgi?id=1931444
https://access.redhat.com/security/cve/CVE-2021-3481
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
https://bugreports.qt.io/browse/QTBUG-91507
https://codereview.qt-project.org/c/qt/qtsvg/+/337646
https://bugzilla.redhat.com/show_bug.cgi?id=1931444
https://access.redhat.com/security/cve/CVE-2021-3481
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html