OSV-2021-1143

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1143.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-1143

Published

2021-08-19T00:00:37.149406Z

Modified

2023-02-24T01:34:15.652409Z

Summary

UNKNOWN WRITE in QtPrivate::QPodArrayOps<QPainterPath::Element>::copyAppend

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306

This is the same issue as OSV-2021-1121 which it replaced after that one was closed wrongly.

Crash type: UNKNOWN WRITE
Crash state:
QtPrivate::QPodArrayOps<QPainterPath::Element>::copyAppend
QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend
QList<QPainterPath::Element>::append

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306

Affected packages

OSS-Fuzz / qt

Package

Name: qt
Purl: pkg:generic/qt

Affected ranges

Type: GIT
Repo: git://code.qt.io/qt/qtsvg.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a3b753c2d077313fc9eb93af547051b956e383fc

Fixed

79bb9f51fa374106a612d17c9d98d35d807be670

Fixed

36cfd9efb9b22b891adee9c48d30202289cfa620

Fixed

3b6c8eea207f42c561088395b80c64e5f82f7169

Fixed

6958581c5cfa6ceb75edcd8b64699b2e71af29f7

Affected versions

qt-v5.*

qt-v5.0.0-alpha1

v5.*

v5.0.0

v5.0.0-beta1

v5.0.0-beta2

v5.0.0-rc1

v5.0.0-rc2

v5.0.1

v5.0.2

v5.1.0

v5.1.0-alpha1

v5.1.0-beta1

v5.1.0-rc1

v5.1.0-rc2

v5.1.1

v5.10.0

v5.10.0-alpha1

v5.10.0-beta1

v5.10.0-beta2

v5.10.0-beta3

v5.10.0-beta4

v5.10.0-rc1

v5.10.0-rc2

v5.10.0-rc3

v5.10.1

v5.11.0

v5.11.0-alpha1

v5.11.0-beta1

v5.11.0-beta2

v5.11.0-beta3

v5.11.0-beta4

v5.11.0-rc1

v5.11.0-rc2

v5.11.1

v5.11.2

v5.11.3

v5.12.0

v5.12.0-alpha1

v5.12.0-beta1

v5.12.0-beta2

v5.12.0-beta3

v5.12.0-beta4

v5.12.0-rc1

v5.12.0-rc2

v5.12.1

v5.12.10

v5.12.11

v5.12.2

v5.12.3

v5.12.4

v5.12.5

v5.12.6

v5.12.7

v5.12.8

v5.12.9

v5.13.0

v5.13.0-alpha1

v5.13.0-beta1

v5.13.0-beta2

v5.13.0-beta3

v5.13.0-beta4

v5.13.0-rc1

v5.13.0-rc2

v5.13.0-rc3

v5.13.1

v5.13.2

v5.14.0

v5.14.0-alpha1

v5.14.0-beta1

v5.14.0-beta2

v5.14.0-beta3

v5.14.0-rc1

v5.14.0-rc2

v5.14.1

v5.14.2

v5.15.0

v5.15.0-alpha1

v5.15.0-beta1

v5.15.0-beta2

v5.15.0-beta3

v5.15.0-beta4

v5.15.0-rc1

v5.15.0-rc2

v5.15.1

v5.15.2

v5.15.3-lts-lgpl

v5.2.0

v5.2.0-alpha1

v5.2.0-beta1

v5.2.0-rc1

v5.2.1

v5.3.0

v5.3.0-alpha1

v5.3.0-beta1

v5.3.0-rc1

v5.3.1

v5.3.2

v5.4.0

v5.4.0-alpha1

v5.4.0-beta1

v5.4.0-rc1

v5.4.1

v5.4.2

v5.5.0

v5.5.0-alpha1

v5.5.0-beta1

v5.5.0-rc1

v5.5.1

v5.6.0

v5.6.0-alpha1

v5.6.0-beta1

v5.6.0-rc1

v5.6.1

v5.6.1-1

v5.6.2

v5.6.3

v5.7.0

v5.7.0-alpha1

v5.7.0-beta1

v5.7.0-rc1

v5.7.1

v5.8.0

v5.8.0-alpha1

v5.8.0-beta1

v5.8.0-rc1

v5.9.0

v5.9.0-alpha1

v5.9.0-beta1

v5.9.0-beta2

v5.9.0-beta3

v5.9.0-beta4

v5.9.0-rc1

v5.9.0-rc2

v5.9.1

v5.9.2

v5.9.3

v5.9.4

v5.9.5

v5.9.6

v5.9.7

v5.9.8

v5.9.9

v6.*

v6.0.0

v6.0.0-alpha1

v6.0.0-beta1

v6.0.0-beta2

v6.0.0-beta3

v6.0.0-beta4

v6.0.0-beta5

v6.0.0-rc1

v6.0.0-rc2

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.1.0

v6.1.0-alpha1

v6.1.0-beta1

v6.1.0-beta2

v6.1.0-beta3

v6.1.0-rc1

v6.1.0-rc2

v6.1.1

v6.1.2

v6.1.3

v6.2.0

v6.2.0-alpha1

v6.2.0-beta1

v6.2.0-beta2

v6.2.0-beta3

v6.2.0-beta4

v6.2.0-rc1

v6.2.0-rc2

v6.2.1

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "introduced_range": "e3834034f88af27d48f2f7a2cc6ab0c84d6faf1e:e8a86ab6c84f6618fae6f961c34c25ef42e91332",
    "fixed_range": "f320433979bdc5a17618d8fcb140bf0e8ab04503:3b6c8eea207f42c561088395b80c64e5f82f7169"
}