Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3481 (GCVE-0-2021-3481)
Vulnerability from cvelistv5 – Published: 2022-08-22 00:00 – Updated: 2024-08-03 16:53
VLAI?
EPSS
Summary
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
Severity ?
No CVSS data available.
CWE
- CWE-125 - - Out-of-bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugreports.qt.io/browse/QTBUG-91507"
},
{
"tags": [
"x_transferred"
],
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3481"
},
{
"name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qt",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 - Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T00:06:13.050Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugreports.qt.io/browse/QTBUG-91507"
},
{
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3481"
},
{
"name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3481",
"datePublished": "2022-08-22T00:00:00.000Z",
"dateReserved": "2021-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:53:17.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3481
Vulnerability from fstec - Published: 22.08.2022
VLAI Severity ?
Title
Уязвимость компонента qdrawhelper_p.h кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость компонента qdrawhelper_p.h кроссплатформенного фреймворка для разработки программного обеспечения Qt связана с чтением данных за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Novell Inc., ООО «Ред Софт», ООО «РусБИТех-Астра», АО "НППКТ", The Qt Company
Software Name
Red Hat Enterprise Linux, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Workstation Extension, openSUSE Tumbleweed, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, SUSE Linux Enterprise Module for Desktop Applications, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Linux Enterprise High Performance Computing, SUSE Manager Proxy, SUSE Manager Server, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Manager Retail Branch Server, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), SUSE Liberty Linux, Qt
Software Version
8 (Red Hat Enterprise Linux), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 12 SP5 (SUSE Linux Enterprise Workstation Extension), - (openSUSE Tumbleweed), 15 SP2 (SUSE Linux Enterprise Module for Basesystem), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP3 (SUSE Linux Enterprise Module for Basesystem), 15 SP3 (SUSE Linux Enterprise Module for Desktop Applications), 15.3 (OpenSUSE Leap), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 15 SP3 (Suse Linux Enterprise Desktop), 7 (SUSE Enterprise Storage), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 4.1 (SUSE Manager Retail Branch Server), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 7.1 (SUSE Enterprise Storage), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 15 SP4 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP5 (SUSE Linux Enterprise Module for Desktop Applications), до 2.9 (ОСОН ОСнова Оnyx), 8 (SUSE Liberty Linux), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP6 (SUSE Linux Enterprise Module for Basesystem), 15 SP6 (SUSE Linux Enterprise Module for Desktop Applications), 1.8 (Astra Linux Special Edition), 6.2.0 (Qt), 6.0.2 (Qt), 6.0.0 (Qt), 5.15.1 (Qt)
Possible Mitigations
Использование рекомендаций:
https://access.redhat.com/security/cve/CVE-2021-3481\
Для РедОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-qt5/?sphrase_id=644283
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2021-3481
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2021-3481.html
Обновление программного обеспечения qt4-x11 до версии 4:4.8.7+dfsg.repack-18+deb10u2.osnova1
Для ОС Astra Linux:
обновить пакет qt4-x11 до 4:4.8.7+dfsg-20astra10 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD
Для ОС Astra Linux:
- обновить пакет qt4-x11 до 4:4.8.7+dfsg-20astra7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17
- обновить пакет qtsvg-opensource-src до 5.15.2-0astra5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17
Для ОС Astra Linux:
- обновить пакет qt4-x11 до 4:4.8.7+dfsg-20astra7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47
- обновить пакет qtsvg-opensource-src до 5.15.2-0astra5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47
Reference
https://redos.red-soft.ru/support/secure/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-qt5/?sphrase_id=644283
https://access.redhat.com/security/cve/CVE-2021-3481\
https://access.redhat.com/security/cve/cve-2021-3481
https://www.suse.com/security/cve/CVE-2021-3481.html
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47
CWE
CWE-125
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:N/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", The Qt Company",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 12 SP5 (SUSE Linux Enterprise Workstation Extension), - (openSUSE Tumbleweed), 15 SP2 (SUSE Linux Enterprise Module for Basesystem), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP3 (SUSE Linux Enterprise Module for Basesystem), 15 SP3 (SUSE Linux Enterprise Module for Desktop Applications), 15.3 (OpenSUSE Leap), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 15 SP3 (Suse Linux Enterprise Desktop), 7 (SUSE Enterprise Storage), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 4.1 (SUSE Manager Retail Branch Server), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 7.1 (SUSE Enterprise Storage), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 15 SP4 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP5 (SUSE Linux Enterprise Module for Desktop Applications), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 8 (SUSE Liberty Linux), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15 SP6 (SUSE Linux Enterprise High Performance Computing), 15 SP6 (SUSE Linux Enterprise Module for Basesystem), 15 SP6 (SUSE Linux Enterprise Module for Desktop Applications), 1.8 (Astra Linux Special Edition), 6.2.0 (Qt), 6.0.2 (Qt), 6.0.0 (Qt), 5.15.1 (Qt)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://access.redhat.com/security/cve/CVE-2021-3481\\\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-qt5/?sphrase_id=644283\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2021-3481\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-3481.html\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f qt4-x11 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4:4.8.7+dfsg.repack-18+deb10u2.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 qt4-x11 \u0434\u043e 4:4.8.7+dfsg-20astra10 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 qt4-x11 \u0434\u043e 4:4.8.7+dfsg-20astra7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 qtsvg-opensource-src \u0434\u043e 5.15.2-0astra5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 qt4-x11 \u0434\u043e 4:4.8.7+dfsg-20astra7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 qtsvg-opensource-src \u0434\u043e 5.15.2-0astra5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.08.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.02.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-01017",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-3481",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Workstation Extension, openSUSE Tumbleweed, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, SUSE Linux Enterprise Module for Desktop Applications, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Linux Enterprise High Performance Computing, SUSE Manager Proxy, SUSE Manager Server, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Manager Retail Branch Server, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), SUSE Liberty Linux, Qt",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , Novell Inc. openSUSE Tumbleweed - , Novell Inc. OpenSUSE Leap 15.2 , Novell Inc. OpenSUSE Leap 15.3 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Novell Inc. SUSE Liberty Linux 8 , Novell Inc. Suse Linux Enterprise Desktop 15 SP6 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 qdrawhelper_p.h \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Qt, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 qdrawhelper_p.h \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Qt \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-qt5/?sphrase_id=644283\nhttps://access.redhat.com/security/cve/CVE-2021-3481\\\nhttps://access.redhat.com/security/cve/cve-2021-3481\nhttps://www.suse.com/security/cve/CVE-2021-3481.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0904SE18MD\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
GHSA-JGC8-VF4G-2F67
Vulnerability from github – Published: 2022-08-23 00:00 – Updated: 2022-08-26 00:03
VLAI?
Details
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
Severity ?
7.1 (High)
{
"affected": [],
"aliases": [
"CVE-2021-3481"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-22T15:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.",
"id": "GHSA-jgc8-vf4g-2f67",
"modified": "2022-08-26T00:03:41Z",
"published": "2022-08-23T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3481"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2021-3481"
},
{
"type": "WEB",
"url": "https://bugreports.qt.io/browse/QTBUG-91507"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444"
},
{
"type": "WEB",
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2021-3481
Vulnerability from osv_almalinux
Published
2021-11-09 08:31
Modified
2021-11-12 10:21
Summary
Moderate: qt5 security, bug fix, and enhancement update
Details
Qt is a software toolkit for developing applications.
The following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)
Security Fix(es):
- qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "adwaita-qt5"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.1-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libadwaita-qt5"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.1-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python-qt5-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.0-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-pyqt5-sip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.19.24-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-qt5"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.0-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-qt5-base"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.0-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-qt5-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.0-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-sip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.19.24-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-wx-siplib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.19.24-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qgnomeplatform"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.1-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-assistant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-designer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-doctools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-linguist"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qdbusviewer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qt3d"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qt3d-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qt3d-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-gui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtbase-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtcanvas3d"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.12.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtcanvas3d-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.12.5-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtconnectivity"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtconnectivity-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtconnectivity-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtdeclarative"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtdeclarative-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtdeclarative-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtdeclarative-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtgraphicaleffects"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtimageformats"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtlocation"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtlocation-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtlocation-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtmultimedia"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtmultimedia-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtmultimedia-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtquickcontrols"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtquickcontrols-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtquickcontrols2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtquickcontrols2-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtquickcontrols2-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtscript"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtscript-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtscript-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtsensors"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtsensors-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtsensors-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtserialbus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtserialbus-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtserialbus-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtserialport"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtserialport-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtserialport-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtsvg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtsvg-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtsvg-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools-libs-designer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools-libs-designercomponents"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools-libs-help"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttools-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-3.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qttranslations"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwayland"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwayland-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwayland-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwebchannel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwebchannel-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwebchannel-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwebsockets"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwebsockets-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtwebsockets-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtx11extras"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtx11extras-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtxmlpatterns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtxmlpatterns-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-qtxmlpatterns-examples"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "qt5-srpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.2-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "sip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.19.24-2.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Qt is a software toolkit for developing applications.\n\nThe following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)\n\nSecurity Fix(es):\n\n* qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4172",
"modified": "2021-11-12T10:21:01Z",
"published": "2021-11-09T08:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4172.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-3481"
}
],
"related": [
"CVE-2021-3481"
],
"summary": "Moderate: qt5 security, bug fix, and enhancement update"
}
GSD-2021-3481
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3481",
"description": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.",
"id": "GSD-2021-3481",
"references": [
"https://www.suse.com/security/cve/CVE-2021-3481.html",
"https://access.redhat.com/errata/RHSA-2021:4172",
"https://ubuntu.com/security/CVE-2021-3481",
"https://advisories.mageia.org/CVE-2021-3481.html",
"https://security.archlinux.org/CVE-2021-3481"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3481"
],
"details": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.",
"id": "GSD-2021-3481",
"modified": "2023-12-13T01:23:34.932717Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qt",
"version": {
"version_data": [
{
"version_value": "Fixed in qt 5.12.11, qt 5.15.4, qt 6.0.3, qt 6.1.0RC."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugreports.qt.io/browse/QTBUG-91507",
"refsource": "MISC",
"url": "https://bugreports.qt.io/browse/QTBUG-91507"
},
{
"name": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646",
"refsource": "MISC",
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3481",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-3481"
},
{
"name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3481"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444"
},
{
"name": "https://bugreports.qt.io/browse/QTBUG-91507",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugreports.qt.io/browse/QTBUG-91507"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3481",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3481"
},
{
"name": "[debian-lts-announce] 20230822 [SECURITY] [DLA 3539-1] qt4-x11 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-08-23T01:15Z",
"publishedDate": "2022-08-22T15:15Z"
}
}
}
FKIE_CVE-2021-3481
Vulnerability from fkie_nvd - Published: 2022-08-22 15:15 - Updated: 2024-11-21 06:21
Severity ?
Summary
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7FCB6B-872F-4900-A2CF-192AFECC4DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C0A66DBD-439D-45EA-BC80-502314D5B0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC14C9CB-1965-4659-8254-17EAB448616D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2B6E9814-F9BA-4A0C-8420-DAAB4A810567",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en Qt. Se encontr\u00f3 una vulnerabilidad de lectura fuera de l\u00edmites en QRadialFetchSimd en el archivo qt/qtbase/src/gui/painting/qdrawhelper_p.h en Qt/Qtbase. Este fallo puede conllevar a un acceso no autorizado a la memoria al renderizar y mostrar un archivo Scalable Vector Graphics (SVG) dise\u00f1ado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad de la aplicaci\u00f3n."
}
],
"id": "CVE-2021-3481",
"lastModified": "2024-11-21T06:21:38.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-22T15:15:13.363",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3481"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugreports.qt.io/browse/QTBUG-91507"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugreports.qt.io/browse/QTBUG-91507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…