#15197 closed enhancement (fixed)
qt5 (svg) - fix CVE-2021-3481
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
I noticed a fix (in mageia) this week for an out of bounds read in qtsvg, although distros (fedora, debian, arch) fixed it in March-April.
Details of the CVE are not yet public, perhaps because non-commercial Qt is still affected, but there is a summary at https://access.redhat.com/security/cve/CVE-2021-3481. This medium-severity vulnerability was found by google's fuzzing, raised as https://bugreports.qt.io/browse/QTBUG-91507 with further details at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668
I've got the patch from debian.
Change History (4)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 years ago
comment:3 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Security Advisory SA 10.064 created.
Note:
See TracTickets
for help on using tickets.
Fixed in @4d0615f14d06bb876284695cab4ea79108fcda92