CVE-2021-3481
qt: Out of bounds read in function QRadialFetchSimd from crafted svg file
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
Se ha encontrado un fallo en Qt. Se encontró una vulnerabilidad de lectura fuera de límites en QRadialFetchSimd en el archivo qt/qtbase/src/gui/painting/qdrawhelper_p.h en Qt/Qtbase. Este fallo puede conllevar a un acceso no autorizado a la memoria al renderizar y mostrar un archivo Scalable Vector Graphics (SVG) diseñado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad de la aplicación.
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality the application availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-01 CVE Reserved
- 2021-11-10 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-11-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://bugreports.qt.io/browse/QTBUG-91507 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-3481 | 2021-11-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1931444 | 2021-11-09 | |
| https://codereview.qt-project.org/c/qt/qtsvg/+/337646 | 2023-08-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 5.15.1 Search vendor "Qt" for product "Qt" and version "5.15.1" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 6.0.0 Search vendor "Qt" for product "Qt" and version "6.0.0" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 6.0.2 Search vendor "Qt" for product "Qt" and version "6.0.2" | - |
Affected
| ||||||
| Qt Search vendor "Qt" | Qt Search vendor "Qt" for product "Qt" | 6.2.0 Search vendor "Qt" for product "Qt" and version "6.2.0" | - |
Affected
| ||||||