CVE-2021-38593
Summary
| CVE | CVE-2021-38593 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-12 02:15:00 UTC |
| Updated | 2024-02-03 07:15:00 UTC |
| Description | Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Qt | Qt | All | All | All | All |
| Application | Qt | Qt | 6.2.0 | alpha1 | All | All |
| Application | Qt | Qt | 6.2.0 | beta1 | All | All |
| Application | Qt | Qt | 6.2.0 | beta2 | All | All |
| Application | Qt | Qt | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-fuzz-vulns/OSV-2021-903.yaml at main · google/oss-fuzz-vulns · GitHub | MISC | github.com | |
| Qt 5.15 Extended Support for subscription license holders | MISC | www.qt.io | |
| [SECURITY] Fedora 36 Update: qt5-qtbase-5.15.3-2.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| QtGui: Multiple Vulnerabilities (GLSA 202402-03) — Gentoo security | | security.gentoo.org | |
| Improve fix for avoiding huge number of tiny dashes · qt/qtbase@6b400e3 · GitHub | MISC | github.com | |
| [SECURITY] Fedora 35 Update: qt5-qtbase-5.15.2-31.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: qt5-qtbase-5.15.3-2.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Improve fix for avoiding huge number of tiny dashes · qt/qtbase@1ca02cf · GitHub | MISC | github.com | |
| Qt 5.15 Release - Qt Wiki | MISC | wiki.qt.io | |
| 35566 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail | MISC | bugs.chromium.org | |
| Improve fix for avoiding huge number of tiny dashes · qt/qtbase@202143b · GitHub | MISC | github.com | |
| [SECURITY] Fedora 35 Update: qt5-qtbase-5.15.2-31.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159813 Oracle Enterprise Linux Security Update for qt5-qtbase (ELSA-2022-1796)
- 198505 Ubuntu Security Notification for Qt Vulnerabilities (USN-5081-1)
- 240315 Red Hat Update for qt5-qtbase (RHSA-2022:1796)
- 282794 Fedora Security Update for qt5 (FEDORA-2022-54760f7fa4)
- 282825 Fedora Security Update for qt5 (FEDORA-2022-4131ced81a)
- 354803 Amazon Linux Security Advisory for qt5-qtbase : ALAS2-2023-1967
- 710852 Gentoo Linux QtGui Multiple Vulnerabilities (GLSA 202402-03)
- 900308 CBL-Mariner Linux Security Update for qt5-qtbase 5.12.11
- 901007 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (6838-1)
- 902949 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (5930)
- 905830 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (5930-1)
- 906494 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (6838-2)
- 907990 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (34211-1)
- 940494 AlmaLinux Security Update for qt5-qtbase (ALSA-2022:1796)
- 960370 Rocky Linux Security Update for qt5-qtbase (RLSA-2022:1796)