Denial of service in Qt

1) Out-of-bounds write

EUVDB-ID: #VU78667

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45930

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input within QtPrivate::QCommonArrayOps::growAppend() function. A remote attacker can create a specially crafted SVG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Qt: before 6.2.2

External links

http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
http://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc
http://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
http://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670
http://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620
http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V75XNX4GDB64N5BSOAN474RUXXS5OHRU/
http://lists.debian.org/debian-lts-announce/2022/01/msg00020.html
http://lists.debian.org/debian-lts-announce/2022/01/msg00022.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GKOKVCSDZSOWWR3HOW5XUIUJC4MKQY5/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZIXNSX7FV733TWTTLY6FHSH3SCNQKKD/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.