Headline
CVE-2023-32763: [Announce] Security advisory: Qt SVG
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
List for announcements regarding Qt releases and development announce at qt-project.org
Mon May 22 12:00:36 CEST 2023
- Previous message (by thread): [Announce] Security advisory: Qt SVG
- Next message (by thread): [Announce] Qt Design Studio 4.1.0 released
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
A recent buffer overflow issue in Qt SVG has been reported and has been assigned the CVE id CVE-2023-32763.
This effects all Qt versions up to and including Qt 5.15.14, Qt 6.0.0->6.2.8 and Qt 6.3.0->6.5.0
When a SVG file with an image inside it is rendered, a QTextLayout overflow can be triggered.
Solution: Apply the following patch or update to Qt 5.15.15, Qt 6.2.9 or Qt 6.5.1
Patches:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/476125 Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/476490 or https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2023-32763-qtbase-6.2.diff Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
Kind regards, Andy – Andy Shaw Director, Technical Customer Success The Qt Company
- Previous message (by thread): [Announce] Security advisory: Qt SVG
- Next message (by thread): [Announce] Qt Design Studio 4.1.0 released
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Announce mailing list
Related news
Gentoo Linux Security Advisory 202402-3 - Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution. Versions greater than or equal to 5.15.9-r1 are affected.