[Development] [Announce] Security advisory: Qt SVG

Kevin Kofler kevin.kofler at chello.at
Mon May 22 14:51:22 CEST 2023

List for announcements regarding Qt releases and development via Announce 
via Development wrote:
> A recent potential divide by zero in Qt SVG has been reported and has been
> assigned the CVE id CVE-2023-32573.

Same as in the more recent Qt SVG CVE: The vulnerable code (the Qt SVG 
classes) was introduced in Qt 4.1, so Qt versions prior to 4.1 (i.e., 4.0.x 
or older, such as Qt 3) are not vulnerable.

> Patches:
> dev: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
> Qt 6.5: https://codereview.qt-project.org/c/qt/qtsvg/+/474404 or
> https://download.qt.io/official_releases/qt/6.5/CVE-2023-32573-qtsvg-6.5.diff
> Qt 6.2:
> https://download.qt.io/official_releases/qt/6.2/CVE-2023-32573-qtsvg-6.2.diff
> Qt 5.15:
> https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff

Qt 4.8.7, backported by Than Ngo:

        Kevin Kofler

More information about the Development mailing list