qt5 (svg) - fix CVE-2021-3481
I noticed a fix (in Mageia) this week for an out-of-bounds read in qtsvg, although distros (Fedora, Debian, Arch) fixed it in March-April.
Details of the CVE are not yet public, perhaps because non-commercial Qt is still affected, but there is a summary at https://access.redhat.com/security/cve/CVE-2021-3481. This medium-severity vulnerability was found by Google's fuzzing, raised as https://bugreports.qt.io/browse/QTBUG-91507 with further details at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668.
I've got the patch from Debian.