Ubuntu
qtbase-opensource-src package

  1. Focal (20.04)
  2. Bug #1950193
  3. Comment #0

Comment 0 for bug 1950193

Revision history for this message
Robert Löhning (rlohning) wrote :

libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593:
https://nvd.nist.gov/vuln/detail/CVE-2021-38593

Trying to open the attached svg file will block one core at 100% and occupy much memory. Depending on the configuration, it might even run out of memory and crash. This is fixed upstream by:
https://codereview.qt-project.org/c/qt/qtbase/+/377942

The original issue is public since July 29th. If I'm allowed to upload further files, I'll send a simple test program.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libqt5svg5 5.12.8-0ubuntu1
ProcVersionSignature: Ubuntu 5.14.0-1005.5-oem 5.14.9
Uname: Linux 5.14.0-1005-oem x86_64
ApportVersion: 2.20.11-0ubuntu27.21
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: GNOME
Date: Mon Nov 8 20:24:34 2021
InstallationDate: Installed on 2012-07-06 (3411 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: qtsvg-opensource-src
UpgradeStatus: Upgraded to focal on 2020-10-03 (400 days ago)