{"id":"CVE-2021-3481","details":"A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.","modified":"2026-05-18T20:15:30.462246Z","published":"2022-08-22T15:15:13.363Z","related":["ALSA-2021:4172","SUSE-SU-2021:3333-1","SUSE-SU-2021:3354-1","SUSE-SU-2021:4155-1","openSUSE-SU-2021:1371-1","openSUSE-SU-2021:3354-1","openSUSE-SU-2024:10976-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-3481"},{"type":"ADVISORY","url":"https://codereview.qt-project.org/c/qt/qtsvg/+/337646"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1931444"},{"type":"EVIDENCE","url":"https://bugreports.qt.io/browse/QTBUG-91507"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qt5","events":[{"introduced":"0"},{"last_affected":"dd11f01de7416b650b58c13e18146533d764477c"},{"last_affected":"78410d7e8b7aafdcbb4feea3a943038c7e0a0b5f"},{"last_affected":"46dddf87bcb154432533083cf2bfebb3d4b3e3f7"},{"last_affected":"b8e587b74c5609cb7d9d7003720122c6d3a0e462"}],"database_specific":{"cpe":["cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*","cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*","cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"5.15.1"},{"last_affected":"6.0.0-NA"},{"last_affected":"6.0.2"},{"last_affected":"6.2.0-NA"}]}}],"versions":["v6.2.0","v6.2.0-rc2","v6.2.0-rc1","v6.2.0-beta4","v6.2.0-beta3","v6.2.0-beta2","v6.2.0-beta1","v6.2.0-alpha1","v6.0.2","v6.0.1","v6.0.0","v6.0.0-rc2","v6.0.0-rc1","v6.0.0-beta5","v5.15.1","v6.0.0-beta4","v6.0.0-beta3","v6.0.0-beta2","v6.0.0-beta1","v6.0.0-alpha1","v5.15.0-beta4","v5.15.0-beta3","v5.15.0-beta2","v5.15.0-beta1","v5.15.0-alpha1","v5.0.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3481.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"0"},{"last_affected":"e4961b35deb202525d4711dbb14f8c2bb0bf5c26"},{"last_affected":"fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17"},{"last_affected":"723077eb3529810aa3b99d8c06f9b81a586763c9"},{"last_affected":"cc60cf83db6bbf9775b1f7747a48d6b7eb24e585"}],"database_specific":{"cpe":["cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*","cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*","cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"5.15.1"},{"last_affected":"6.0.0-NA"},{"last_affected":"6.0.2"},{"last_affected":"6.2.0-NA"}]}}],"versions":["v6.2.0","v6.2.0-rc2","v6.2.0-rc1","v6.2.0-beta4","v6.2.0-beta3","v6.2.0-beta2","v6.2.0-beta1","v6.2.0-alpha1","v6.0.2","v6.0.1","v6.0.0","v6.0.0-rc2","v6.0.0-rc1","v6.0.0-beta5","v6.0.0-beta4","v6.0.0-beta3","v6.0.0-beta2","v6.0.0-beta1","v6.0.0-alpha1","v5.15.1","v5.15.0-beta4","v5.15.0-beta3","v5.15.0-beta2","v5.15.0-beta1","v5.15.0-alpha1","v5.0.0-beta2","v5.0.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3481.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}