osv-2021-235
Vulnerability from osv_ossfuzz
Published
2021-01-25 00:00
Modified
2023-04-20 22:54
Summary
Global-buffer-overflow in QSvgSwitch::draw
Details
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29873
Crash type: Global-buffer-overflow READ 1
Crash state:
QSvgSwitch::draw
QSvgTinyDocument::draw
QSvgTinyDocument::draw
{
"affected": [
{
"database_specific": {
"fixed_range": "7b3e2f369d9ba2ee5e636e1ec9b7a3890363e187:63714587d1ea7bc0ff0c31f68ac879e777b9a3cd"
},
"ecosystem_specific": {
"introduced_range": "ac489d92a3ae32540c4794d85be6fb103c701ee8:1095b1abc6d233bc27321f46f71bbd85fe8556de"
},
"package": {
"ecosystem": "OSS-Fuzz",
"name": "qt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "117f4f34c6162eb8ac749569a5fff604713a3eba"
},
{
"fixed": "fc1a706440a33c792da08aa0f4b3ed2e0057e349"
},
{
"fixed": "afde7ca3a40f524e40052df696f74190452b22cb"
},
{
"fixed": "63714587d1ea7bc0ff0c31f68ac879e777b9a3cd"
}
],
"repo": "git://code.qt.io/qt/qtsvg.git",
"type": "GIT"
}
],
"versions": [
"qt-v5.0.0-alpha1",
"v5.0.0",
"v5.0.0-beta1",
"v5.0.0-beta2",
"v5.0.0-rc1",
"v5.0.0-rc2",
"v5.0.1",
"v5.0.2",
"v5.1.0",
"v5.1.0-alpha1",
"v5.1.0-beta1",
"v5.1.0-rc1",
"v5.1.0-rc2",
"v5.1.1",
"v5.10.0",
"v5.10.0-alpha1",
"v5.10.0-beta1",
"v5.10.0-beta2",
"v5.10.0-beta3",
"v5.10.0-beta4",
"v5.10.0-rc1",
"v5.10.0-rc2",
"v5.10.0-rc3",
"v5.10.1",
"v5.11.0",
"v5.11.0-alpha1",
"v5.11.0-beta1",
"v5.11.0-beta2",
"v5.11.0-beta3",
"v5.11.0-beta4",
"v5.11.0-rc1",
"v5.11.0-rc2",
"v5.11.1",
"v5.11.2",
"v5.11.3",
"v5.12.0",
"v5.12.0-alpha1",
"v5.12.0-beta1",
"v5.12.0-beta2",
"v5.12.0-beta3",
"v5.12.0-beta4",
"v5.12.0-rc1",
"v5.12.0-rc2",
"v5.12.1",
"v5.12.11",
"v5.12.12",
"v5.12.2",
"v5.12.3",
"v5.12.4",
"v5.12.5",
"v5.12.6",
"v5.12.7",
"v5.12.8",
"v5.12.9",
"v5.13.0",
"v5.13.0-alpha1",
"v5.13.0-beta1",
"v5.13.0-beta2",
"v5.13.0-beta3",
"v5.13.0-beta4",
"v5.13.0-rc1",
"v5.13.0-rc2",
"v5.13.0-rc3",
"v5.13.1",
"v5.13.2",
"v5.14.0",
"v5.14.0-alpha1",
"v5.14.0-beta1",
"v5.14.0-beta2",
"v5.14.0-beta3",
"v5.14.0-rc1",
"v5.14.0-rc2",
"v5.14.1",
"v5.14.2",
"v5.15.0",
"v5.15.0-alpha1",
"v5.15.0-beta1",
"v5.15.0-beta2",
"v5.15.0-beta3",
"v5.15.0-beta4",
"v5.15.0-rc1",
"v5.15.0-rc2",
"v5.15.3-lts-lgpl",
"v5.15.4-lts-lgpl",
"v5.15.5-lts-lgpl",
"v5.15.6-lts-lgpl",
"v5.15.7-lts-lgpl",
"v5.15.8-lts-lgpl",
"v5.2.0",
"v5.2.0-alpha1",
"v5.2.0-beta1",
"v5.2.0-rc1",
"v5.2.1",
"v5.3.0",
"v5.3.0-alpha1",
"v5.3.0-beta1",
"v5.3.0-rc1",
"v5.3.1",
"v5.3.2",
"v5.4.0",
"v5.4.0-alpha1",
"v5.4.0-beta1",
"v5.4.0-rc1",
"v5.4.1",
"v5.4.2",
"v5.5.0",
"v5.5.0-alpha1",
"v5.5.0-beta1",
"v5.5.0-rc1",
"v5.5.1",
"v5.6.0",
"v5.6.0-alpha1",
"v5.6.0-beta1",
"v5.6.0-rc1",
"v5.6.1",
"v5.6.1-1",
"v5.6.2",
"v5.6.3",
"v5.7.0",
"v5.7.0-alpha1",
"v5.7.0-beta1",
"v5.7.0-rc1",
"v5.7.1",
"v5.8.0",
"v5.8.0-alpha1",
"v5.8.0-beta1",
"v5.8.0-rc1",
"v5.9.0",
"v5.9.0-alpha1",
"v5.9.0-beta1",
"v5.9.0-beta2",
"v5.9.0-beta3",
"v5.9.0-beta4",
"v5.9.0-rc1",
"v5.9.0-rc2",
"v5.9.1",
"v5.9.2",
"v5.9.3",
"v5.9.4",
"v5.9.5",
"v5.9.6",
"v5.9.7",
"v5.9.8",
"v5.9.9",
"v6.0.0-alpha1",
"v6.0.0-beta1",
"v6.0.0-beta2",
"v6.0.0-beta3",
"v6.0.0-beta4",
"v6.0.0-beta5",
"v6.0.1",
"v6.1.0-alpha1",
"v5.15.9-lts-lgpl"
]
}
],
"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29873\n\n```\nCrash type: Global-buffer-overflow READ 1\nCrash state:\nQSvgSwitch::draw\nQSvgTinyDocument::draw\nQSvgTinyDocument::draw\n```\n",
"id": "OSV-2021-235",
"modified": "2023-04-20T22:54:29.645985Z",
"published": "2021-01-25T00:00:16.933600Z",
"references": [
{
"type": "REPORT",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29873"
},
{
"type": "FIX",
"url": "https://codereview.qt-project.org/c/qt/qtsvg/+/335065"
}
],
"summary": "Global-buffer-overflow in QSvgSwitch::draw"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…