[Development] [Announce] Security advisory: Qt SVG
Kevin Kofler
kevin.kofler at chello.at
Mon May 22 14:51:22 CEST 2023
List for announcements regarding Qt releases and development via Announce via Development wrote:
> A recent potential divide by zero in Qt SVG has been reported and has been
> assigned the CVE id CVE-2023-32573.
Same as in the more recent Qt SVG CVE: The vulnerable code (the Qt SVG
classes) was introduced in Qt 4.1, so Qt versions prior to 4.1 (i.e., 4.0.x
or older, such as Qt 3) are not vulnerable.
> Patches:
>
> dev: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
> Qt 6.5: https://codereview.qt-project.org/c/qt/qtsvg/+/474404 or
> https://download.qt.io/official_releases/qt/6.5/CVE-2023-32573-qtsvg-6.5.diff
> Qt 6.2:
> https://download.qt.io/official_releases/qt/6.2/CVE-2023-32573-qtsvg-6.2.diff
> Qt 5.15:
> https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff
Qt 4.8.7, backported by Than Ngo:
https://src.fedoraproject.org/rpms/qt/raw/rawhide/f/qt-CVE-2023-32573.patch
Kevin Kofler