Fluid Attacks Database

Description

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOpsQPainterPath::Element::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	qtsvg-opensource-src	=5.15.10-1 \|\| =5.15.10-2 \|\| =5.15.12-1 \|\| =5.15.13-1 \|\| =5.15.13-2 \|\| =5.15.15-1 \|\| =5.15.15-2 \|\| =5.15.17-1 \|\| =5.15.17-2 \|\| =5.15.17-3 \|\| =5.15.18-1 \|\| =5.15.2-3 \|\| =5.15.2-4 \|\| =5.15.3-1 \|\| =5.15.4-1 \|\| =5.15.4-2 \|\| =5.15.5-1 \|\| =5.15.6-1 \|\| =5.15.6-2 \|\| =5.15.7-1 \|\| =5.15.7-2 \|\| =5.15.8-1 \|\| =5.15.8-2 \|\| =5.15.8-3 \|\| =5.15.9-1	-
debian 12	qtsvg-opensource-src	>=0 <5.15.2-4	5.15.2-4
debian 14	qtsvg-opensource-src	>=0 <5.15.2-4	5.15.2-4
debian 13	qtsvg-opensource-src	>=0 <5.15.2-4	5.15.2-4
rpm rhel7	qt5-qtsvg	-	-
rpm rhel6	qt	-	-
rpm rhel7	qt	-	-
rpm rhel8	qt5-qtsvg	<0:5.15.2-4.el8	0:5.15.2-4.el8

Aliases

1. CVE-2021-459302. NVD-2021-459303. OSV-DEBIAN-2021-459304. OSV-2021-459305. SECURITY-TRACKER-CVE-2021-45930

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.