{"id":"USN-8337-1","summary":"qtsvg-opensource-src vulnerabilities","details":"It was discovered that QtSvg incorrectly handled certain SVG images. An\nattacker could possibly use this issue to cause QtSvg to crash, resulting in\na denial of service. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2018-19869)\n\nIt was discovered that QtSvg incorrectly handled certain SVG images. An\nattacker could use this issue to cause QtSvg to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3481,\nCVE-2021-28025, CVE-2021-45930)\n\nIt was discovered that QtSvg incorrectly handled certain SVG images. An\nattacker could use this issue to cause QtSvg to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2023-32573)","modified":"2026-05-28T17:32:56.726873268Z","published":"2026-05-28T14:32:26Z","related":["UBUNTU-CVE-2018-19869","UBUNTU-CVE-2021-28025","UBUNTU-CVE-2021-3481","UBUNTU-CVE-2021-45930","UBUNTU-CVE-2023-32573"],"upstream":["CVE-2018-19869","CVE-2021-28025","CVE-2021-3481","CVE-2021-45930","CVE-2023-32573","UBUNTU-CVE-2018-19869","UBUNTU-CVE-2021-28025","UBUNTU-CVE-2021-3481","UBUNTU-CVE-2021-45930","UBUNTU-CVE-2023-32573"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8337-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19869"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3481"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-28025"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45930"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-32573"}],"affected":[{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.1-2ubuntu0.1~esm1"}]}],"versions":["5.4.2-2build1","5.5.1-2build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.5.1-2ubuntu0.1~esm1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.5.1-2ubuntu0.1~esm1"},{"binary_name":"qtsvg5-examples","binary_version":"5.5.1-2ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8337-1.json","cves_map":{"cves":[{"id":"CVE-2018-19869","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-3481","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-28025","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-45930","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-32573","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src?arch=source&distro=esm-infra%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.9.5-0ubuntu1.1+esm1"}]}],"versions":["5.9.1-2","5.9.2-2","5.9.2-3","5.9.3-0ubuntu1","5.9.4-0ubuntu1","5.9.5-0ubuntu1","5.9.5-0ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.9.5-0ubuntu1.1+esm1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.9.5-0ubuntu1.1+esm1"},{"binary_name":"qtsvg5-examples","binary_version":"5.9.5-0ubuntu1.1+esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8337-1.json","cves_map":{"cves":[{"id":"CVE-2023-32573","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.12.8-0ubuntu1+esm1"}]}],"versions":["5.12.4-1","5.12.5-2","5.12.5-2build1","5.12.8-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.12.8-0ubuntu1+esm1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.12.8-0ubuntu1+esm1"},{"binary_name":"qtsvg5-examples","binary_version":"5.12.8-0ubuntu1+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8337-1.json","cves_map":{"cves":[{"id":"CVE-2021-3481","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-28025","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-45930","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-32573","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.3-1ubuntu0.1~esm1"}]}],"versions":["5.15.2-3","5.15.2-4","5.15.3-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.15.3-1ubuntu0.1~esm1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.15.3-1ubuntu0.1~esm1"},{"binary_name":"qtsvg5-examples","binary_version":"5.15.3-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8337-1.json","cves_map":{"cves":[{"id":"CVE-2023-32573","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.5"}