Description
A flaw was found in Qt: an out-of-bounds read in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file, this flaw may lead to unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and application availability.
References (5)
Mailing List
https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-3481
Exploit, Vendor Advisory
https://bugreports.qt.io/browse/QTBUG-91507
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1931444
Vendor Advisory
https://codereview.qt-project.org/c/qt/qtsvg/+/337646
Scores
CVSS v3
7.1
EPSS
0.0006
EPSS Percentile
19.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (4)
qt/qt
5.15.1
qt/qt
6.0.0
qt/qt
6.0.2
qt/qt
6.2.0
Published
Aug 22, 2022
Tracked Since
Feb 18, 2026