Security advisory: Qt SVG
May 22, 2023 by Andy Shaw
A recent buffer overflow issue in Qt SVG has been reported and has been assigned the CVE id CVE-2023-32763.
This affects all Qt versions up to and including Qt 5.15.14, Qt 6.0.0 to 6.2.8 and Qt 6.3.0 to 6.5.0.
When an SVG file with an image inside it is rendered, a QTextLayout overflow can be triggered.
Solution: Apply the following patch or update to Qt 5.15.15, Qt 6.2.9 or Qt 6.5.1.
Patches:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/476125
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/476490 or https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2023-32763-qtbase-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
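
To triage an inventory of Qt builds against the ranges above, the following added example (not code from the Qt project) classifies a `major.minor.patch` string such as the one returned by `qVersion()`. The names `checkQtVersion` and `Verdict` are hypothetical, and pairing each affected range with the next fixed release named in the Solution line is an assumption of this example.

```cpp
// Added example: check a Qt version string against the affected ranges
// listed in this advisory for CVE-2023-32763. Names are hypothetical.
#include <cstdio>
#include <string>
#include <tuple>

using Version = std::tuple<int, int, int>;

enum class Status { Unparsable, Affected, NotAffected };

struct Verdict {
    Status status;
    std::string fixedIn;  // fixed release from the advisory; empty if none applies
};

// Parse exactly "major.minor.patch". Anything else (missing component,
// suffix such as "-beta1") is reported as unparsable for manual review.
static bool parseVersion(const std::string &s, Version &out) {
    int a = 0, b = 0, c = 0;
    char extra = 0;
    if (std::sscanf(s.c_str(), "%d.%d.%d%c", &a, &b, &c, &extra) != 3) return false;
    if (a < 0 || b < 0 || c < 0) return false;
    out = Version(a, b, c);
    return true;
}

Verdict checkQtVersion(const std::string &s) {
    Version v;
    if (!parseVersion(s, v)) return {Status::Unparsable, ""};
    // Ranges as stated in the advisory (bounds inclusive).
    if (v <= Version(5, 15, 14)) return {Status::Affected, "5.15.15"};
    if (v >= Version(6, 0, 0) && v <= Version(6, 2, 8)) return {Status::Affected, "6.2.9"};
    if (v >= Version(6, 3, 0) && v <= Version(6, 5, 0)) return {Status::Affected, "6.5.1"};
    return {Status::NotAffected, ""};
}

int main() {
    // Constructed sample inventory, not real scan output.
    const char *samples[] = {"5.15.2", "5.15.15", "6.2.8", "6.4.3", "6.5.1", "6.5"};
    for (const char *s : samples) {
        Verdict r = checkQtVersion(s);
        if (r.status == Status::Affected)
            std::printf("%-8s affected, update to %s or apply the patch\n", s, r.fixedIn.c_str());
        else
            std::printf("%-8s %s\n", s, r.status == Status::NotAffected ? "not affected" : "unparsable, review manually");
    }
    return 0;
}
```

A build that had one of the patches applied still reports its original version number, so an "affected" result for a patched or distribution-maintained build needs to be confirmed against the build's patch list.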