PT-2021-8148 · Qt Company+9 · Qt+9

Published

2021-08-10

·

Updated

2026-05-28

·

CVE-2021-45930

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Qt versions 5.0.0 through 5.15.2 Qt versions 6.0.0 through 6.2.1
Description The issue is related to an out-of-bounds write in QtPrivate::QCommonArrayOpsQPainterPath::Element::growAppend, which can be called from QPainterPath::addPath and QPathClipper::intersect. This can potentially allow a remote attacker to cause a denial of service.
Recommendations For Qt versions 5.0.0 through 5.15.2, update to a version outside of this range to resolve the issue. For Qt versions 6.0.0 through 6.2.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the use of QPainterPath::addPath and QPathClipper::intersect functions until a patch is available.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2022:1920
ALT-PU-2021-2802
ALT-PU-2021-2975
ALT-PU-2022-2186
ALT-PU-2022-2187
ALT-PU-2022-2188
ALT-PU-2022-2189
ALT-PU-2022-2190
ALT-PU-2022-2191
ALT-PU-2022-2192
ALT-PU-2022-2193
ALT-PU-2022-2194
ALT-PU-2022-2195
ALT-PU-2022-2196
ALT-PU-2022-2197
ALT-PU-2022-2198
ALT-PU-2022-2199
ALT-PU-2022-2200
ALT-PU-2022-2201
ALT-PU-2022-2202
ALT-PU-2022-2203
ALT-PU-2022-2204
ALT-PU-2022-2205
ALT-PU-2022-2206
ALT-PU-2022-2207
ALT-PU-2022-2208
ALT-PU-2022-2209
ALT-PU-2022-2210
ALT-PU-2022-2211
ALT-PU-2022-2212
ALT-PU-2022-2213
ALT-PU-2022-2214
ALT-PU-2022-2215
ALT-PU-2022-2216
ALT-PU-2022-2217
ALT-PU-2022-2218
ALT-PU-2022-2219
ALT-PU-2022-2372
ALT-PU-2022-2373
ALT-PU-2022-2374
ALT-PU-2022-2375
ALT-PU-2022-2376
ALT-PU-2022-2377
ALT-PU-2022-2378
ALT-PU-2022-2379
ALT-PU-2022-2380
ALT-PU-2022-2381
ALT-PU-2022-2382
ALT-PU-2022-2383
ALT-PU-2022-2384
ALT-PU-2022-2385
ALT-PU-2022-2386
ALT-PU-2022-2387
ALT-PU-2022-2388
ALT-PU-2022-2389
ALT-PU-2022-2390
ALT-PU-2022-2391
ALT-PU-2022-2392
ALT-PU-2022-2393
ALT-PU-2022-2394
ALT-PU-2022-2395
ALT-PU-2022-2396
ALT-PU-2022-2397
ALT-PU-2022-2398
ALT-PU-2022-2399
ALT-PU-2022-2400
ALT-PU-2022-2401
ALT-PU-2022-2402
ALT-PU-2022-2403
ALT-PU-2022-2404
ALT-PU-2022-2405
ALT-PU-2024-1120
ALT-PU-2024-2801
BDU:2024-09033
CESA-2022_1920
CVE-2021-45930
DLA-2885-1
DLA-2895-1
DLA-3539-1
MGASA-2023-0231
OESA-2022-1493
OPENSUSE-SU-2023_2969-1
OPENSUSE-SU-2023_2981-1
OPENSUSE-SU-2024:13378-1
RHSA-2022:1920
RHSA-2022_1920
SUSE-SU-2023:2967-1
SUSE-SU-2023:2969-1
SUSE-SU-2023:2981-1
SUSE-SU-2023:3209-1
SUSE-SU-2023:4622-1
SUSE-SU-2023_2967-1
SUSE-SU-2023_2969-1
SUSE-SU-2023_2981-1
SUSE-SU-2023_3209-1
SUSE-SU-2023_4622-1
SUSE-SU-2025:02968-1
SUSE-SU-2025_02968-1
USN-5241-1
USN-8337-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Qt
Red Hat
Red Os
Suse
Ubuntu