#VU78667 Out-of-bounds write in Qt


Published: 2023-07-25

Vulnerability identifier: #VU78667

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45930

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Qt
Universal components / Libraries / Scripting languages

Vendor:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input within QtPrivate::QCommonArrayOps::growAppend() function. A remote attacker can create a specially crafted SVG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
http://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc
http://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
http://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670
http://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620
http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V75XNX4GDB64N5BSOAN474RUXXS5OHRU/
http://lists.debian.org/debian-lts-announce/2022/01/msg00020.html
http://lists.debian.org/debian-lts-announce/2022/01/msg00022.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GKOKVCSDZSOWWR3HOW5XUIUJC4MKQY5/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZIXNSX7FV733TWTTLY6FHSH3SCNQKKD/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for qtsvg
Multiple vulnerabilities in Dell ThinOS
Multiple vulnerabilities in Dell Peripheral Manager
SUSE update for libqt5-qtsvg
SUSE update for libqt4
SUSE update for libqt5-qtsvg
SUSE update for libqt5-qtsvg
SUSE update for libqt5-qtsvg
openEuler update for qt5-qtsvg
Denial of service in Qt