Updated qt4 and qtsvg5 packages fix a security vulnerability

2021-06-1623:22:25

Gentoo Foundation

advisories.mageia.org

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

46.1%

JSON

An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue (CVE-2021-3481).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchqt4< 4.8.7-26.3qt4-4.8.7-26.3.mga7
Mageia7noarchqtsvg5< 5.12.6-1.1qtsvg5-5.12.6-1.1.mga7
Mageia8noarchqt4< 4.8.7-35.1qt4-4.8.7-35.1.mga8
Mageia8noarchqtsvg5< 5.15.2-1.1qtsvg5-5.15.2-1.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	qt4	< 4.8.7-26.3	qt4-4.8.7-26.3.mga7
Mageia	7	noarch	qtsvg5	< 5.12.6-1.1	qtsvg5-5.12.6-1.1.mga7
Mageia	8	noarch	qt4	< 4.8.7-35.1	qt4-4.8.7-35.1.mga8
Mageia	8	noarch	qtsvg5	< 5.15.2-1.1	qtsvg5-5.15.2-1.1.mga8