Security update for libqt5-qtsvg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1371-1 Final 1 1 2021-10-18T14:06:01Z current 2021-10-18T14:06:01Z 2021-10-18T14:06:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libqt5-qtsvg This update for libqt5-qtsvg fixes the following issues: - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd from crafted svg file. (bsc#1184783) This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1371 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUQQL3BSIDANFVPIE65N7IJDJSBTEPHN/ E-Mail link for openSUSE-SU-2021:1371-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184783 SUSE Bug 1184783 https://www.suse.com/security/cve/CVE-2021-3481/ SUSE CVE CVE-2021-3481 page openSUSE Leap 15.2 libQt5Svg5-5.12.7-lp152.2.3.1 libQt5Svg5-32bit-5.12.7-lp152.2.3.1 libqt5-qtsvg-devel-5.12.7-lp152.2.3.1 libqt5-qtsvg-devel-32bit-5.12.7-lp152.2.3.1 libqt5-qtsvg-examples-5.12.7-lp152.2.3.1 libqt5-qtsvg-private-headers-devel-5.12.7-lp152.2.3.1 libQt5Svg5-5.12.7-lp152.2.3.1 as a component of openSUSE Leap 15.2 libQt5Svg5-32bit-5.12.7-lp152.2.3.1 as a component of openSUSE Leap 15.2 libqt5-qtsvg-devel-5.12.7-lp152.2.3.1 as a component of openSUSE Leap 15.2 libqt5-qtsvg-devel-32bit-5.12.7-lp152.2.3.1 as a component of openSUSE Leap 15.2 libqt5-qtsvg-examples-5.12.7-lp152.2.3.1 as a component of openSUSE Leap 15.2 libqt5-qtsvg-private-headers-devel-5.12.7-lp152.2.3.1 as a component of openSUSE Leap 15.2 A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. CVE-2021-3481 openSUSE Leap 15.2:libQt5Svg5-32bit-5.12.7-lp152.2.3.1 openSUSE Leap 15.2:libQt5Svg5-5.12.7-lp152.2.3.1 openSUSE Leap 15.2:libqt5-qtsvg-devel-32bit-5.12.7-lp152.2.3.1 openSUSE Leap 15.2:libqt5-qtsvg-devel-5.12.7-lp152.2.3.1 openSUSE Leap 15.2:libqt5-qtsvg-examples-5.12.7-lp152.2.3.1 openSUSE Leap 15.2:libqt5-qtsvg-private-headers-devel-5.12.7-lp152.2.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUQQL3BSIDANFVPIE65N7IJDJSBTEPHN/ https://www.suse.com/security/cve/CVE-2021-3481.html CVE-2021-3481 https://bugzilla.suse.com/1184783 SUSE Bug 1184783