Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 830381 (CVE-2021-45930) - <dev-qt/qtsvg-5.15.2-r12: Out of bounds write
Summary: <dev-qt/qtsvg-5.15.2-r12: Out of bounds write
Status: CONFIRMED
Alias: CVE-2021-45930
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa]
Keywords:
Depends on: 829923
Blocks:
  Show dependency tree
 
Reported: 2022-01-01 04:45 UTC by Sam James
Modified: 2024-03-24 07:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 04:45:08 UTC
CVE-2021-45930 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025):

Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 04:46:10 UTC
We need https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc which I don't see within Qt5PatchCollection (please verify though).
Comment 2 Larry the Git Cow gentoo-dev 2022-01-04 11:58:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f31718294562703e041b14042f569a67ac70cfb6

commit f31718294562703e041b14042f569a67ac70cfb6
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-04 11:31:30 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-04 11:58:15 +0000

    dev-qt/qtsvg: 5.15.2-r12 version bump at KDE 0cb681ea
    
    Fix CVE-2021-45930: Out of bounds write
    "Do stricter error checking when parsing path nodes"
    QTBUG: https://bugreports.qt.io/browse/QTBUG-96044 (login required)
    Upstream commit 5b9285c34731e67f9f1d61ec804740991f2a0380
    
    "SVG Image reading: Reject oversize svgs as corrupt"
    QTBUG: https://bugreports.qt.io/browse/QTBUG-95891
    Upstream commit 0cb681eacca0f757702fa409bb05d3d3650aba4e
    
    Bug: https://bugs.gentoo.org/830381
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtsvg/Manifest                |  1 +
 dev-qt/qtsvg/qtsvg-5.15.2-r12.ebuild | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2022-01-20 13:26:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7fee31b4c1d5530bf76c21e5fe853aa43f13b5a1

commit 7fee31b4c1d5530bf76c21e5fe853aa43f13b5a1
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-20 12:19:39 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-20 13:24:21 +0000

    dev-qt/qtsvg: Cleanup vulnerable 5.15.2-r11
    
    Bug: https://bugs.gentoo.org/830381
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-qt/qtsvg/Manifest                |  1 -
 dev-qt/qtsvg/qtsvg-5.15.2-r11.ebuild | 25 -------------------------
 2 files changed, 26 deletions(-)