Fluid Attacks Database

Description

Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	qtsvg-opensource-src	=5.15.10-1 \|\| =5.15.10-2 \|\| =5.15.12-1 \|\| =5.15.13-1 \|\| =5.15.13-2 \|\| =5.15.15-1 \|\| =5.15.15-2 \|\| =5.15.17-1 \|\| =5.15.17-2 \|\| =5.15.17-3 \|\| =5.15.18-1 \|\| =5.15.2-3 \|\| =5.15.2-4 \|\| =5.15.3-1 \|\| =5.15.4-1 \|\| =5.15.4-2 \|\| =5.15.5-1 \|\| =5.15.6-1 \|\| =5.15.6-2 \|\| =5.15.7-1 \|\| =5.15.7-2 \|\| =5.15.8-1 \|\| =5.15.8-2 \|\| =5.15.8-3 \|\| =5.15.9-1	-
debian 12	qtsvg-opensource-src	>=0 <5.15.4-2	5.15.4-2
debian 13	qtsvg-opensource-src	>=0 <5.15.4-2	5.15.4-2
debian 14	qtsvg-opensource-src	>=0 <5.15.4-2	5.15.4-2
rpm rhel8	qt5-qtsvg	-	-
rpm rhel7	qt5-qtsvg	-	-
rpm rhel9	qt5-qtsvg	-	-

Aliases

1. CVE-2021-280252. NVD-2021-280253. OSV-DEBIAN-2021-280254. OSV-2021-280255. SECURITY-TRACKER-CVE-2021-28025

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.