#VU78667 Out-of-bounds write in Qt - CVE-2021-45930
Published: July 25, 2023
Vulnerability identifier: #VU78667
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-45930
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Qt
Qt
Software vendor:
Trolltech
Trolltech
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within QtPrivate::QCommonArrayOps::growAppend() function. A remote attacker can create a specially crafted SVG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
Remediation
Install updates from vendor's website.
External links
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
- https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
- https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670
- https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V75XNX4GDB64N5BSOAN474RUXXS5OHRU/
- https://lists.debian.org/debian-lts-announce/2022/01/msg00020.html
- https://lists.debian.org/debian-lts-announce/2022/01/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GKOKVCSDZSOWWR3HOW5XUIUJC4MKQY5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZIXNSX7FV733TWTTLY6FHSH3SCNQKKD/