OSV-2021-235

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-235.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-235

Published

2021-01-25T00:00:16.933600Z

Modified

2023-04-20T22:54:29.645985Z

Summary

Global-buffer-overflow in QSvgSwitch::draw

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29873

Crash type: Global-buffer-overflow READ 1
Crash state:
QSvgSwitch::draw
QSvgTinyDocument::draw
QSvgTinyDocument::draw

References

Affected packages

OSS-Fuzz / qt

Package

Name: qt
Purl: pkg:generic/qt

Affected ranges

Type: GIT
Repo: git://code.qt.io/qt/qtsvg.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

117f4f34c6162eb8ac749569a5fff604713a3eba

Fixed

fc1a706440a33c792da08aa0f4b3ed2e0057e349

Fixed

afde7ca3a40f524e40052df696f74190452b22cb

Fixed

63714587d1ea7bc0ff0c31f68ac879e777b9a3cd

Affected versions

qt-v5.*

qt-v5.0.0-alpha1

v5.*

v5.0.0

v5.0.0-beta1

v5.0.0-beta2

v5.0.0-rc1

v5.0.0-rc2

v5.0.1

v5.0.2

v5.1.0

v5.1.0-alpha1

v5.1.0-beta1

v5.1.0-rc1

v5.1.0-rc2

v5.1.1

v5.10.0

v5.10.0-alpha1

v5.10.0-beta1

v5.10.0-beta2

v5.10.0-beta3

v5.10.0-beta4

v5.10.0-rc1

v5.10.0-rc2

v5.10.0-rc3

v5.10.1

v5.11.0

v5.11.0-alpha1

v5.11.0-beta1

v5.11.0-beta2

v5.11.0-beta3

v5.11.0-beta4

v5.11.0-rc1

v5.11.0-rc2

v5.11.1

v5.11.2

v5.11.3

v5.12.0

v5.12.0-alpha1

v5.12.0-beta1

v5.12.0-beta2

v5.12.0-beta3

v5.12.0-beta4

v5.12.0-rc1

v5.12.0-rc2

v5.12.1

v5.12.11

v5.12.12

v5.12.2

v5.12.3

v5.12.4

v5.12.5

v5.12.6

v5.12.7

v5.12.8

v5.12.9

v5.13.0

v5.13.0-alpha1

v5.13.0-beta1

v5.13.0-beta2

v5.13.0-beta3

v5.13.0-beta4

v5.13.0-rc1

v5.13.0-rc2

v5.13.0-rc3

v5.13.1

v5.13.2

v5.14.0

v5.14.0-alpha1

v5.14.0-beta1

v5.14.0-beta2

v5.14.0-beta3

v5.14.0-rc1

v5.14.0-rc2

v5.14.1

v5.14.2

v5.15.0

v5.15.0-alpha1

v5.15.0-beta1

v5.15.0-beta2

v5.15.0-beta3

v5.15.0-beta4

v5.15.0-rc1

v5.15.0-rc2

v5.15.3-lts-lgpl

v5.15.4-lts-lgpl

v5.15.5-lts-lgpl

v5.15.6-lts-lgpl

v5.15.7-lts-lgpl

v5.15.8-lts-lgpl

v5.15.9-lts-lgpl

v5.2.0

v5.2.0-alpha1

v5.2.0-beta1

v5.2.0-rc1

v5.2.1

v5.3.0

v5.3.0-alpha1

v5.3.0-beta1

v5.3.0-rc1

v5.3.1

v5.3.2

v5.4.0

v5.4.0-alpha1

v5.4.0-beta1

v5.4.0-rc1

v5.4.1

v5.4.2

v5.5.0

v5.5.0-alpha1

v5.5.0-beta1

v5.5.0-rc1

v5.5.1

v5.6.0

v5.6.0-alpha1

v5.6.0-beta1

v5.6.0-rc1

v5.6.1

v5.6.1-1

v5.6.2

v5.6.3

v5.7.0

v5.7.0-alpha1

v5.7.0-beta1

v5.7.0-rc1

v5.7.1

v5.8.0

v5.8.0-alpha1

v5.8.0-beta1

v5.8.0-rc1

v5.9.0

v5.9.0-alpha1

v5.9.0-beta1

v5.9.0-beta2

v5.9.0-beta3

v5.9.0-beta4

v5.9.0-rc1

v5.9.0-rc2

v5.9.1

v5.9.2

v5.9.3

v5.9.4

v5.9.5

v5.9.6

v5.9.7

v5.9.8

v5.9.9

v6.*

v6.0.0-alpha1

v6.0.0-beta1

v6.0.0-beta2

v6.0.0-beta3

v6.0.0-beta4

v6.0.0-beta5

v6.0.1

v6.1.0-alpha1

Ecosystem specific

{
    "introduced_range": "ac489d92a3ae32540c4794d85be6fb103c701ee8:1095b1abc6d233bc27321f46f71bbd85fe8556de"
}

Database specific

{
    "fixed_range": "7b3e2f369d9ba2ee5e636e1ec9b7a3890363e187:63714587d1ea7bc0ff0c31f68ac879e777b9a3cd"
}