PT-2021-8280 · Qt Company+7 · Qt+7

Published: 2021-08-11 · Updated: 2025-01-21 · CVE-2021-38593

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Qt versions 5.0.0 through 5.15.5
Qt versions 6.0.0 through 6.1.2

Description

The issue is related to an out-of-bounds write in the QOutlineMapper::convertPath function, which can be called from QRasterPaintEngine::fill and QPaintEngineEx::stroke. This can potentially allow a remote attacker to cause a denial of service. The vulnerability is associated with a buffer read beyond the memory boundary.

Recommendations

For Qt versions 5.0.0 through 5.15.5, update to version 5.15.6 or later. For Qt versions 6.0.0 through 6.1.2, update to a version later than 6.1.2. As a temporary workaround, consider restricting the use of the QOutlineMapper::convertPath function until a patch is available.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2022:1796
ALT-PU-2021-2863
ALT-PU-2021-2975
ALT-PU-2022-2774
ALT-PU-2022-2775
ALT-PU-2022-2776
ALT-PU-2022-2777
ALT-PU-2022-2778
ALT-PU-2022-2779
ALT-PU-2022-2780
ALT-PU-2022-2781
ALT-PU-2022-2782
ALT-PU-2022-2783
ALT-PU-2022-2784
ALT-PU-2022-2785
ALT-PU-2022-2786
ALT-PU-2022-2787
ALT-PU-2022-2788
ALT-PU-2022-2789
ALT-PU-2022-2790
ALT-PU-2022-2791
ALT-PU-2022-2792
ALT-PU-2022-2793
ALT-PU-2022-2794
ALT-PU-2022-2795
ALT-PU-2022-2796
ALT-PU-2022-2797
ALT-PU-2022-2798
ALT-PU-2022-2799
ALT-PU-2022-2800
ALT-PU-2022-2801
ALT-PU-2022-2802
ALT-PU-2022-2803
ALT-PU-2022-2804
ALT-PU-2022-2805
ALT-PU-2022-2806
ALT-PU-2022-2807
ALT-PU-2022-3131
ALT-PU-2022-3132
ALT-PU-2022-3133
ALT-PU-2022-3134
ALT-PU-2022-3135
ALT-PU-2022-3136
ALT-PU-2022-3137
ALT-PU-2022-3138
ALT-PU-2022-3139
ALT-PU-2022-3140
ALT-PU-2022-3141
ALT-PU-2022-3142
ALT-PU-2022-3143
ALT-PU-2022-3144
ALT-PU-2022-3145
ALT-PU-2022-3146
ALT-PU-2022-3147
ALT-PU-2022-3148
ALT-PU-2022-3149
ALT-PU-2022-3150
ALT-PU-2022-3151
ALT-PU-2022-3152
ALT-PU-2022-3153
ALT-PU-2022-3154
ALT-PU-2022-3155
ALT-PU-2022-3156
ALT-PU-2022-3157
ALT-PU-2022-3158
ALT-PU-2022-3159
ALT-PU-2022-3160
ALT-PU-2022-3161
ALT-PU-2022-3162
ALT-PU-2022-3163
ALT-PU-2022-3164
ALT-PU-2024-1120
ALT-PU-2024-2801
AZL-34211
AZL-6838
BDU:2025-00916
CESA-2022_1796
CVE-2021-38593
MGASA-2021-0493
OESA-2022-2059
OESA-2022-2060
RHSA-2022:1796
RHSA-2022_1796
RLSA-2022:1796
USN-5081-1

Affected Products

Alt Linux
Almalinux
Centos
Qt
Red Hat
Red Os
Rocky Linux
Ubuntu