CVE-2021-45930
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-45930
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45930.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-45930
- Downstream
- Related
- Published
- 2022-01-01T01:15:08Z
- Modified
- 2025-10-21T06:41:30.571202Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
- References
-
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
- https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620
- https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670
- https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc
- https://lists.debian.org/debian-lts-announce/2022/01/msg00020.html
- https://lists.debian.org/debian-lts-announce/2022/01/msg00022.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GKOKVCSDZSOWWR3HOW5XUIUJC4MKQY5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZIXNSX7FV733TWTTLY6FHSH3SCNQKKD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V75XNX4GDB64N5BSOAN474RUXXS5OHRU/
Affected packages
Git / github.com/qt/qtsvg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/qt/qtsvg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
qt-v5.*
qt-v5.0.0-alpha1
v5.*
v5.0.0
v5.0.0-beta1
v5.0.0-beta2
v5.0.0-rc1
v5.0.0-rc2
v5.0.1
v5.0.2
v5.1.0
v5.1.0-alpha1
v5.1.0-beta1
v5.1.0-rc1
v5.1.0-rc2
v5.1.1
v5.10.0
v5.10.0-alpha1
v5.10.0-beta1
v5.10.0-beta2
v5.10.0-beta3
v5.10.0-beta4
v5.10.0-rc1
v5.10.0-rc2
v5.10.0-rc3
v5.10.1
v5.11.0
v5.11.0-alpha1
v5.11.0-beta1
v5.11.0-beta2
v5.11.0-beta3
v5.11.0-beta4
v5.11.0-rc1
v5.11.0-rc2
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.12.0-alpha1
v5.12.0-beta1
v5.12.0-beta2
v5.12.0-beta3
v5.12.0-beta4
v5.12.0-rc1
v5.12.0-rc2
v5.12.1
v5.12.11
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.12.6
v5.12.7
v5.12.8
v5.12.9
v5.13.0
v5.13.0-alpha1
v5.13.0-beta1
v5.13.0-beta2
v5.13.0-beta3
v5.13.0-beta4
v5.13.0-rc1
v5.13.0-rc2
v5.13.0-rc3
v5.13.1
v5.13.2
v5.14.0
v5.14.0-alpha1
v5.14.0-beta1
v5.14.0-beta2
v5.14.0-beta3
v5.14.0-rc1
v5.14.0-rc2
v5.14.1
v5.14.2
v5.15.0
v5.15.0-alpha1
v5.15.0-beta1
v5.15.0-beta2
v5.15.0-beta3
v5.15.0-beta4
v5.15.0-rc1
v5.15.0-rc2
v5.2.0
v5.2.0-alpha1
v5.2.0-beta1
v5.2.0-rc1
v5.2.1
v5.3.0
v5.3.0-alpha1
v5.3.0-beta1
v5.3.0-rc1
v5.3.1
v5.3.2
v5.4.0
v5.4.0-alpha1
v5.4.0-beta1
v5.4.0-rc1
v5.4.1
v5.4.2
v5.5.0
v5.5.0-alpha1
v5.5.0-beta1
v5.5.0-rc1
v5.5.1
v5.6.0
v5.6.0-alpha1
v5.6.0-beta1
v5.6.0-rc1
v5.6.1
v5.6.1-1
v5.6.2
v5.7.0
v5.7.0-alpha1
v5.7.0-beta1
v5.7.0-rc1
v5.7.1
v5.8.0
v5.8.0-alpha1
v5.8.0-beta1
v5.8.0-rc1
v5.9.0
v5.9.0-alpha1
v5.9.0-beta1
v5.9.0-beta2
v5.9.0-beta3
v5.9.0-beta4
v5.9.0-rc1
v5.9.0-rc2
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v6.*
v6.0.0-alpha1
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-beta3
v6.0.0-beta4
v6.0.0-beta5
v6.2.0-alpha1
v6.2.0-beta1
v6.2.0-beta2
v6.2.0-beta3
v6.2.0-beta4
Database specific
vanir_signatures
[
{
"source": "https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670",
"target": {
"function": "parsePathDataFast",
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-0fea7f14",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 5873.0,
"function_hash": "237349539407575290880165639091044829427"
}
},
{
"source": "https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670",
"target": {
"function": "createPathNode",
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-18e3276b",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 260.0,
"function_hash": "22664460336088048164437824955174280066"
}
},
{
"source": "https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc",
"target": {
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-20d9e9f7",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"62683293538356366748123422538084217604",
"66259520355073571974342431275235430189",
"330224351067661547045579550938858433669",
"110851679110151133861223839420494309423",
"215454757397286929716735354875114683246",
"114884599593155944999091413780464446843",
"208558297433289897690124428174953419346",
"179268040380559443082363488129284914622",
"64319606297248230794059766133771798803",
"167032248842890905591528196233980395029",
"140604476628133985858706767355743889658",
"1496629106554835914626975465927735289",
"219256068205569700031767260704901191728",
"28494924413591835249560458255879590779",
"69407597335676739159879707814264961694",
"309940502325702528349127477868299246959",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"339596664257191267722872952223172263076",
"44320716376878989246742065529162458367",
"309940502325702528349127477868299246959",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"301811181267095201939078654247003510524",
"189248914398341833641583734880569964238",
"38334896828802863984929670564488527150",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"125788091830926688034764237752563702146",
"189248914398341833641583734880569964238",
"38334896828802863984929670564488527150",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"149709696143292960057714479729443117301",
"26532945151594929964035866101628427945",
"280766332294752593408667512002073883353",
"14687872647738751654166662726185135125",
"249743739296070218436040918197221225818",
"135748082914709724224352386680676508086",
"339667329338441134012774610423829264636",
"280766332294752593408667512002073883353",
"14687872647738751654166662726185135125",
"249743739296070218436040918197221225818",
"31061021584562936639185440926858273732",
"329619933089236639085477289080254124299",
"190836690225213081664322269023390753497",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"317270552589464407342391542786580668482",
"329619933089236639085477289080254124299",
"190836690225213081664322269023390753497",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"317270552589464407342391542786580668482",
"281191177125636076313681269636381330013",
"318461119142054349169011400744258778974",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"131979474583978373630649198991169030283",
"281191177125636076313681269636381330013",
"318461119142054349169011400744258778974",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"271680698471822557749206618476653062023",
"209651465273758744949563953811784269145",
"271287268210858219157090522421432546386",
"68649812678940130784158202311198330589",
"249743739296070218436040918197221225818",
"101559039777602742662431053309702108601",
"209651465273758744949563953811784269145",
"271287268210858219157090522421432546386",
"68649812678940130784158202311198330589",
"249743739296070218436040918197221225818",
"141288904807226363073481694910960771016",
"42552037155200148502408219696879250068",
"89796763875206234747672140893896603246",
"27412886011935800042331465813199423554",
"249743739296070218436040918197221225818",
"162457162237985926720917454271077485016",
"206399918618874779654892124208642325338",
"89796763875206234747672140893896603246",
"27412886011935800042331465813199423554",
"249743739296070218436040918197221225818",
"162457162237985926720917454271077485016",
"37415825601299739301022543248796799547",
"222981842113018445298086962150850787644",
"28550261148651499783966605397172598240",
"159706180438932497076395068148059282544",
"146422478395764458307082448962084349444",
"14361478919370886827362222805788100087",
"63023319149774050960125992398873200987",
"283686758500405964024605018375197700160",
"328651234607113341419988316569677492639",
"193125009705975087920846422117195891995",
"88596955835527071135212605830406634567",
"136103620622345213203529501669113161403",
"201066770680636281209966811495181190668"
]
}
},
{
"source": "https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc",
"target": {
"function": "parsePathDataFast",
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-2747882f",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 5764.0,
"function_hash": "56913924235923864717652985139580490079"
}
},
{
"source": "https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670",
"target": {
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-42719e69",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"127495365576937852473836295686895347211",
"286293394187639868897133649366840211154",
"55160838619000306101708044850552802525",
"110851679110151133861223839420494309423",
"215454757397286929716735354875114683246",
"114884599593155944999091413780464446843",
"208558297433289897690124428174953419346",
"179268040380559443082363488129284914622",
"64319606297248230794059766133771798803",
"167032248842890905591528196233980395029",
"140604476628133985858706767355743889658",
"1496629106554835914626975465927735289",
"219256068205569700031767260704901191728",
"28494924413591835249560458255879590779",
"69407597335676739159879707814264961694",
"309940502325702528349127477868299246959",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"339596664257191267722872952223172263076",
"44320716376878989246742065529162458367",
"309940502325702528349127477868299246959",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"301811181267095201939078654247003510524",
"189248914398341833641583734880569964238",
"38334896828802863984929670564488527150",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"125788091830926688034764237752563702146",
"189248914398341833641583734880569964238",
"38334896828802863984929670564488527150",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"149709696143292960057714479729443117301",
"26532945151594929964035866101628427945",
"280766332294752593408667512002073883353",
"14687872647738751654166662726185135125",
"249743739296070218436040918197221225818",
"135748082914709724224352386680676508086",
"339667329338441134012774610423829264636",
"280766332294752593408667512002073883353",
"14687872647738751654166662726185135125",
"249743739296070218436040918197221225818",
"31061021584562936639185440926858273732",
"329619933089236639085477289080254124299",
"190836690225213081664322269023390753497",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"317270552589464407342391542786580668482",
"329619933089236639085477289080254124299",
"190836690225213081664322269023390753497",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"317270552589464407342391542786580668482",
"281191177125636076313681269636381330013",
"318461119142054349169011400744258778974",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"131979474583978373630649198991169030283",
"281191177125636076313681269636381330013",
"318461119142054349169011400744258778974",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"271680698471822557749206618476653062023",
"209651465273758744949563953811784269145",
"271287268210858219157090522421432546386",
"68649812678940130784158202311198330589",
"249743739296070218436040918197221225818",
"101559039777602742662431053309702108601",
"209651465273758744949563953811784269145",
"271287268210858219157090522421432546386",
"68649812678940130784158202311198330589",
"249743739296070218436040918197221225818",
"141288904807226363073481694910960771016",
"42552037155200148502408219696879250068",
"89796763875206234747672140893896603246",
"27412886011935800042331465813199423554",
"249743739296070218436040918197221225818",
"162457162237985926720917454271077485016",
"206399918618874779654892124208642325338",
"89796763875206234747672140893896603246",
"27412886011935800042331465813199423554",
"249743739296070218436040918197221225818",
"162457162237985926720917454271077485016",
"37415825601299739301022543248796799547",
"222981842113018445298086962150850787644",
"28550261148651499783966605397172598240",
"159706180438932497076395068148059282544",
"146422478395764458307082448962084349444",
"14361478919370886827362222805788100087",
"63023319149774050960125992398873200987",
"283686758500405964024605018375197700160",
"328651234607113341419988316569677492639",
"190447244031680060797438872700384565326",
"88596955835527071135212605830406634567",
"136103620622345213203529501669113161403",
"201066770680636281209966811495181190668"
]
}
},
{
"source": "https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc",
"target": {
"function": "createPathNode",
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-57d5d4f5",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 260.0,
"function_hash": "22664460336088048164437824955174280066"
}
},
{
"source": "https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620",
"target": {
"function": "createPathNode",
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-dd3a5515",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 260.0,
"function_hash": "22664460336088048164437824955174280066"
}
},
{
"source": "https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620",
"target": {
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-e9a0e360",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"127495365576937852473836295686895347211",
"286293394187639868897133649366840211154",
"55160838619000306101708044850552802525",
"110851679110151133861223839420494309423",
"215454757397286929716735354875114683246",
"114884599593155944999091413780464446843",
"208558297433289897690124428174953419346",
"179268040380559443082363488129284914622",
"64319606297248230794059766133771798803",
"167032248842890905591528196233980395029",
"140604476628133985858706767355743889658",
"1496629106554835914626975465927735289",
"219256068205569700031767260704901191728",
"28494924413591835249560458255879590779",
"69407597335676739159879707814264961694",
"309940502325702528349127477868299246959",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"339596664257191267722872952223172263076",
"44320716376878989246742065529162458367",
"309940502325702528349127477868299246959",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"301811181267095201939078654247003510524",
"189248914398341833641583734880569964238",
"38334896828802863984929670564488527150",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"125788091830926688034764237752563702146",
"189248914398341833641583734880569964238",
"38334896828802863984929670564488527150",
"139338491125812018420114515857084738230",
"114072514639913029123742381383824290546",
"149709696143292960057714479729443117301",
"26532945151594929964035866101628427945",
"280766332294752593408667512002073883353",
"14687872647738751654166662726185135125",
"249743739296070218436040918197221225818",
"135748082914709724224352386680676508086",
"339667329338441134012774610423829264636",
"280766332294752593408667512002073883353",
"14687872647738751654166662726185135125",
"249743739296070218436040918197221225818",
"31061021584562936639185440926858273732",
"329619933089236639085477289080254124299",
"190836690225213081664322269023390753497",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"317270552589464407342391542786580668482",
"329619933089236639085477289080254124299",
"190836690225213081664322269023390753497",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"317270552589464407342391542786580668482",
"281191177125636076313681269636381330013",
"318461119142054349169011400744258778974",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"131979474583978373630649198991169030283",
"281191177125636076313681269636381330013",
"318461119142054349169011400744258778974",
"317489081648720578814488109384655178821",
"249743739296070218436040918197221225818",
"271680698471822557749206618476653062023",
"209651465273758744949563953811784269145",
"271287268210858219157090522421432546386",
"68649812678940130784158202311198330589",
"249743739296070218436040918197221225818",
"101559039777602742662431053309702108601",
"209651465273758744949563953811784269145",
"271287268210858219157090522421432546386",
"68649812678940130784158202311198330589",
"249743739296070218436040918197221225818",
"141288904807226363073481694910960771016",
"42552037155200148502408219696879250068",
"89796763875206234747672140893896603246",
"27412886011935800042331465813199423554",
"249743739296070218436040918197221225818",
"162457162237985926720917454271077485016",
"206399918618874779654892124208642325338",
"89796763875206234747672140893896603246",
"27412886011935800042331465813199423554",
"249743739296070218436040918197221225818",
"162457162237985926720917454271077485016",
"37415825601299739301022543248796799547",
"222981842113018445298086962150850787644",
"28550261148651499783966605397172598240",
"159706180438932497076395068148059282544",
"146422478395764458307082448962084349444",
"14361478919370886827362222805788100087",
"63023319149774050960125992398873200987",
"283686758500405964024605018375197700160",
"328651234607113341419988316569677492639",
"190447244031680060797438872700384565326",
"88596955835527071135212605830406634567",
"136103620622345213203529501669113161403",
"201066770680636281209966811495181190668"
]
}
},
{
"source": "https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620",
"target": {
"function": "parsePathDataFast",
"file": "src/svg/qsvghandler.cpp"
},
"deprecated": false,
"id": "CVE-2021-45930-f48991b4",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 5873.0,
"function_hash": "237349539407575290880165639091044829427"
}
}
]