CVE-2021-38593

qt: out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Qt 5.x antes de la versión 5.15.6 y 6.x hasta la versión 6.1.2 tiene una escritura fuera de límites en QOutlineMapper::convertPath (llamada desde QRasterPaintEngine::fill y QPaintEngineEx::stroke)

It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-08-12 CVE Reserved
2021-08-12 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (12)

URL	Tag	Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml	Third Party Advisory
https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders	Release Notes

URL	Date	SRC

URL	Date	SRC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566	2024-02-03
https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862	2024-02-03
https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd	2024-02-03
https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c	2024-02-03

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I	2024-02-03
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX	2024-02-03
https://security.gentoo.org/glsa/202402-03	2024-02-03
https://wiki.qt.io/Qt_5.15_Release#Known_Issues	2024-02-03
https://access.redhat.com/security/cve/CVE-2021-38593	2022-05-10
https://bugzilla.redhat.com/show_bug.cgi?id=1994719	2022-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				>= 5.0.0 < 5.15.6 Search vendor "Qt" for product "Qt" and version " >= 5.0.0 < 5.15.6"		-		Affected
Qt Search vendor "Qt"		Qt Search vendor "Qt" for product "Qt"				>= 6.0.0 <= 6.1.2 Search vendor "Qt" for product "Qt" and version " >= 6.0.0 <= 6.1.2"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected