UBUNTU-CVE-2021-3481

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2021-3481
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-3481.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-3481
Upstream
Downstream
Related
Published
2021-04-03T00:00:00Z
Modified
2025-07-14T06:34:39.365615Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
  • - low
Summary
[none]
Details

A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / qt4-x11

Package

Name
qt4-x11
Purl
pkg:deb/ubuntu/qt4-x11@4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:4.*

4:4.8.4+dfsg-0ubuntu18
4:4.8.4+dfsg-0ubuntu19
4:4.8.4+dfsg-0ubuntu20
4:4.8.4+dfsg-0ubuntu21
4:4.8.4+dfsg-0ubuntu22
4:4.8.5+git192-g085f851+dfsg-2ubuntu3
4:4.8.5+git192-g085f851+dfsg-2ubuntu4
4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1

Ubuntu:Pro:16.04:LTS / qt4-x11

Package

Name
qt4-x11
Purl
pkg:deb/ubuntu/qt4-x11@4:4.8.7+dfsg-5ubuntu2?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:4.*

4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu8
4:4.8.7+dfsg-5ubuntu1
4:4.8.7+dfsg-5ubuntu2

Ubuntu:Pro:16.04:LTS / qtsvg-opensource-src

Package

Name
qtsvg-opensource-src
Purl
pkg:deb/ubuntu/qtsvg-opensource-src@5.5.1-2build1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2-2build1
5.5.1-2build1

Ubuntu:18.04:LTS / qtsvg-opensource-src

Package

Name
qtsvg-opensource-src
Purl
pkg:deb/ubuntu/qtsvg-opensource-src@5.9.5-0ubuntu1.1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.5-0ubuntu1.1

Affected versions

5.*

5.9.1-2
5.9.2-2
5.9.2-3
5.9.3-0ubuntu1
5.9.4-0ubuntu1
5.9.5-0ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "libqt5svg5",
            "binary_version": "5.9.5-0ubuntu1.1"
        },
        {
            "binary_name": "libqt5svg5-dbgsym",
            "binary_version": "5.9.5-0ubuntu1.1"
        },
        {
            "binary_name": "libqt5svg5-dev",
            "binary_version": "5.9.5-0ubuntu1.1"
        },
        {
            "binary_name": "qtsvg5-doc",
            "binary_version": "5.9.5-0ubuntu1.1"
        },
        {
            "binary_name": "qtsvg5-doc-html",
            "binary_version": "5.9.5-0ubuntu1.1"
        },
        {
            "binary_name": "qtsvg5-examples",
            "binary_version": "5.9.5-0ubuntu1.1"
        },
        {
            "binary_name": "qtsvg5-examples-dbgsym",
            "binary_version": "5.9.5-0ubuntu1.1"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:Pro:18.04:LTS / qt4-x11

Package

Name
qt4-x11
Purl
pkg:deb/ubuntu/qt4-x11@4:4.8.7+dfsg-7ubuntu1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4:4.*

4:4.8.7+dfsg-7ubuntu1

Ubuntu:Pro:20.04:LTS / qtsvg-opensource-src

Package

Name
qtsvg-opensource-src
Purl
pkg:deb/ubuntu/qtsvg-opensource-src@5.12.8-0ubuntu1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4-1
5.12.5-2
5.12.5-2build1
5.12.8-0ubuntu1

Ubuntu:22.04:LTS / qtsvg-opensource-src

Package

Name
qtsvg-opensource-src
Purl
pkg:deb/ubuntu/qtsvg-opensource-src@5.15.3-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2-3
5.15.2-4
5.15.3-1

Ubuntu:24.04:LTS / qtsvg-opensource-src

Package

Name
qtsvg-opensource-src
Purl
pkg:deb/ubuntu/qtsvg-opensource-src@5.15.13-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10-2
5.15.12-1
5.15.12-1build1
5.15.12-1build2
5.15.13-1

Ubuntu:25.04 / qtsvg-opensource-src

Package

Name
qtsvg-opensource-src
Purl
pkg:deb/ubuntu/qtsvg-opensource-src@5.15.15-2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15-1
5.15.15-2