Search CVE reports
1 – 7 of 7 results
The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later, leading to a use-after-free.
2 affected packages
qt6-svg, qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qt6-svg | Needs evaluation | Needs evaluation | — | — |
| qtsvg-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
When the module renders an SVG file that contains a <pattern> element, it might end up rendering it recursively, leading to a stack overflow DoS.
2 affected packages
qt6-svg, qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qt6-svg | Needs evaluation | Needs evaluation | — | — |
| qtsvg-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Integer overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2 allows local attackers to cause a denial of service (DoS).
3 affected packages
qt4-x11, qt6-svg, qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
| qt6-svg | Needs evaluation | Needs evaluation | Not in release | Ignored |
| qtsvg-opensource-src | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
2 affected packages
qtsvg-opensource-src, qt6-svg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qtsvg-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-svg | Needs evaluation | Needs evaluation | Not in release | Not in release |
Some fixes available 1 of 13
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
1 affected package
qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qtsvg-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Fixed |
Some fixes available 1 of 17
A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file...
2 affected packages
qt4-x11, qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
| qtsvg-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Fixed |
Some fixes available 1 of 8
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
2 affected packages
qt4-x11, qtsvg-opensource-src
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qt4-x11 | Not in release | Not in release | Not in release | Needs evaluation |
| qtsvg-opensource-src | Not affected | Not affected | Not affected | Fixed |