CVE-2021-45930 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025): Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
We need https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc which I don't see within Qt5PatchCollection (please verify though).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f31718294562703e041b14042f569a67ac70cfb6 commit f31718294562703e041b14042f569a67ac70cfb6 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-01-04 11:31:30 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-01-04 11:58:15 +0000 dev-qt/qtsvg: 5.15.2-r12 version bump at KDE 0cb681ea Fix CVE-2021-45930: Out of bounds write "Do stricter error checking when parsing path nodes" QTBUG: https://bugreports.qt.io/browse/QTBUG-96044 (login required) Upstream commit 5b9285c34731e67f9f1d61ec804740991f2a0380 "SVG Image reading: Reject oversize svgs as corrupt" QTBUG: https://bugreports.qt.io/browse/QTBUG-95891 Upstream commit 0cb681eacca0f757702fa409bb05d3d3650aba4e Bug: https://bugs.gentoo.org/830381 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> dev-qt/qtsvg/Manifest | 1 + dev-qt/qtsvg/qtsvg-5.15.2-r12.ebuild | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7fee31b4c1d5530bf76c21e5fe853aa43f13b5a1 commit 7fee31b4c1d5530bf76c21e5fe853aa43f13b5a1 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-01-20 12:19:39 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-01-20 13:24:21 +0000 dev-qt/qtsvg: Cleanup vulnerable 5.15.2-r11 Bug: https://bugs.gentoo.org/830381 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> dev-qt/qtsvg/Manifest | 1 - dev-qt/qtsvg/qtsvg-5.15.2-r11.ebuild | 25 ------------------------- 2 files changed, 26 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=2456b87477e6ccf454b884c2405316b8102a652b commit 2456b87477e6ccf454b884c2405316b8102a652b Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-08 09:13:29 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-08 09:13:49 +0000 [ GLSA 202405-26 ] qtsvg: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/830381 Bug: https://bugs.gentoo.org/906465 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-26.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)
