CVE-2021-3481

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.

CVSS v3.0 7.1 HIGH

7.1^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://codereview.qt-project.org/c/qt/qtsvg/+/337646	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1931444	Issue Tracking Third Party Advisory
https://bugreports.qt.io/browse/QTBUG-91507	Exploit Vendor Advisory
https://access.redhat.com/security/cve/CVE-2021-3481	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:qt:qt:5.15.1:::::::*
	cpe:2.3:a:qt:qt:6.0.2:::::::*
	cpe:2.3:a:qt:qt:6.0.0:-::::::
	cpe:2.3:a:qt:qt:6.2.0:-::::::

Information

Published : 2022-08-22 08:15

Updated : 2022-08-24 17:42

NVD link : CVE-2021-3481

Mitre link : CVE-2021-3481

JSON object : View

CWE

CWE-125

Out-of-bounds Read

Advertisement

Products Affected

qt

qt

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646", "name": "https://codereview.qt-project.org/c/qt/qtsvg/+/337646", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1931444", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://bugreports.qt.io/browse/QTBUG-91507", "name": "https://bugreports.qt.io/browse/QTBUG-91507", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://access.redhat.com/security/cve/CVE-2021-3481", "name": "https://access.redhat.com/security/cve/CVE-2021-3481", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-125"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-3481", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}}, "publishedDate": "2022-08-22T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-25T00:42Z"}