ubuntu-sdk-bugs team mailing list archive
-
ubuntu-sdk-bugs team
-
Mailing list archive
-
Message #08121
[Bug 1950193] Re: libqt5svg5 affected by CVE-2021-38593
** Also affects: qtbase-opensource-src (Ubuntu Impish)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1950193
Title:
libqt5svg5 affected by CVE-2021-38593
Status in qtbase-opensource-src package in Ubuntu:
Fix Released
Status in qtbase-opensource-src source package in Focal:
New
Status in qtbase-opensource-src source package in Impish:
New
Bug description:
[Impact]
libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593:
https://nvd.nist.gov/vuln/detail/CVE-2021-38593
Trying to open the attached svg file will block one core at 100% and occupy much memory. Depending on the configuration, it might even run out of memory and crash. This is fixed upstream by:
https://codereview.qt-project.org/c/qt/qtbase/+/377942
The original issue is public since July 29th.
[Test Plan]
1. Install libqt5svg5-dev, qtbase5-dev and their dependencies.
2. Build the attached project with the system's version of Qt:
/usr/lib/qt5/bin/qmake test-2021-38593.pro && make
3. Start the resulting binary and pass the path to the included input file as first parameter:
./test-2021-38593 ./input.svg
The binary should return immediately and without error messages. If it doesn't, you might be affected.
[Where problems could occur]
The fix tries to skip drawing dashes that would be invisible anyway.
So a potential problem may that it skips too much. In fact, this has
already happened, and upstream had to adjust the fix.
[Other Info]
The patch is a combination of the following upstream commits:
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7f345f2a1c8d9f60
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9378ba2ae857df7e
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=81998f50d039a631
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=cca8ed0547405b1c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1950193/+subscriptions