CVE-2021-45930

MEDIUM

Qt SVG 5.0.0-5.15.2 and 6.0.0-6.2.1 - Buffer Overflow

Title source: llm

Description

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).

References (12)

Core References
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00020.html
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00022.html
Exploit, Issue Tracking, Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
Exploit, Issue Tracking, Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306

Scores

CVSS v3 5.5
EPSS 0.0008
EPSS Percentile 23.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (4)
debian/debian_linux 9.0
fedoraproject/fedora 34
fedoraproject/fedora 35
qt/qtsvg 5.0.0 - 5.15.2
Published Jan 01, 2022
Tracked Since Feb 18, 2026