CVE-2021-45930

qt: out-of-bounds write may lead to DoS

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).

Qt SVG en Qt versiones 5.0.0 hasta 6.2.1, presenta una escritura fuera de límites en la función QtPrivate::QCommonArrayOps(QPainterPath::Element)::growAppend (llamada desde QPainterPath::addPath y QPathClipper::intersect).

A flaw was found in qtsvg's qsvghandler.cpp module. An attacker who is able to submit a crafted image file to an application that uses qsvghandler could cause an out-of-bounds write and potential denial of service to occur, depending on the application.

Scalable Vector Graphics is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Issues addressed include denial of service and out of bounds write vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-31 CVE Reserved
2021-12-31 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (14)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/01/msg00020.html	Mailing List
https://lists.debian.org/debian-lts-announce/2022/01/msg00022.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html	Mailing List

URL	Date	SRC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025	2024-08-04
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306	2024-08-04
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml	2024-08-04

URL	Date	SRC
https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620	2023-11-07
https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670	2023-11-07
https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GKOKVCSDZSOWWR3HOW5XUIUJC4MKQY5	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZIXNSX7FV733TWTTLY6FHSH3SCNQKKD	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V75XNX4GDB64N5BSOAN474RUXXS5OHRU	2023-11-07
https://access.redhat.com/security/cve/CVE-2021-45930	2022-05-10
https://bugzilla.redhat.com/show_bug.cgi?id=2037339	2022-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qt Search vendor "Qt"		Qtsvg Search vendor "Qt" for product "Qtsvg"				>= 5.0.0 <= 5.15.2 Search vendor "Qt" for product "Qtsvg" and version " >= 5.0.0 <= 5.15.2"		-		Affected
Qt Search vendor "Qt"		Qtsvg Search vendor "Qt" for product "Qtsvg"				>= 6.0.0 <= 6.2.1 Search vendor "Qt" for product "Qtsvg" and version " >= 6.0.0 <= 6.2.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected