{"id":"CVE-2021-38593","details":"Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).","modified":"2026-04-02T07:13:48.645384Z","published":"2021-08-12T02:15:06.580Z","related":["ALSA-2022:1796","MGASA-2021-0493"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36VN2WKMNQUSTF6ZW2X52NPAJVXJ4S5I/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY5YCSDCTLHVMP3OXOM6HNTWHV6DBHDX/"},{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202402-03"},{"type":"ADVISORY","url":"https://www.qt.io/blog/qt-5.15-extended-support-for-subscription-license-holders"},{"type":"REPORT","url":"https://wiki.qt.io/Qt_5.15_Release#Known_Issues"},{"type":"FIX","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566"},{"type":"FIX","url":"https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862"},{"type":"FIX","url":"https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd"},{"type":"FIX","url":"https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"3bf50a7db9a1add66fb66b7a1f9c1d3b038c5e7f"},{"fixed":"a5984e059385e93ab06eb95cbe12bea5215f7b9d"},{"introduced":"fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17"},{"last_affected":"4dcedb8ca4ae0c9c533997074098297abbfcf1c3"},{"fixed":"1ca02cf2879a5e1511a2f2109f0925cf4c892862"},{"fixed":"202143ba41f6ac574f1858214ed8bf4a38b73ccd"},{"fixed":"6b400e3147dcfd8cc3a393ace1bd118c93762e0c"}],"database_specific":{"versions":[{"introduced":"5.0.0"},{"fixed":"5.15.6"},{"introduced":"6.0.0"},{"last_affected":"6.1.2"}]}}],"versions":["v5.0.0","v5.0.1","v5.0.2","v5.1.0","v5.1.0-alpha1","v5.1.0-beta1","v5.1.0-rc1","v5.1.0-rc2","v5.1.1","v5.10.0","v5.10.0-alpha1","v5.10.0-beta1","v5.10.0-beta2","v5.10.0-beta3","v5.10.0-beta4","v5.10.0-rc1","v5.10.0-rc2","v5.10.0-rc3","v5.10.1","v5.11.0","v5.11.0-alpha1","v5.11.0-beta1","v5.11.0-beta2","v5.11.0-beta3","v5.11.0-beta4","v5.11.0-rc1","v5.11.0-rc2","v5.11.1","v5.11.2","v5.11.3","v5.12.0","v5.12.0-alpha1","v5.12.0-beta1","v5.12.0-beta2","v5.12.0-beta3","v5.12.0-beta4","v5.12.0-rc1","v5.12.0-rc2","v5.12.1","v5.12.10","v5.12.11","v5.12.12","v5.12.2","v5.12.3","v5.12.4","v5.12.5","v5.12.6","v5.12.7","v5.12.8","v5.12.9","v5.13.0","v5.13.0-alpha1","v5.13.0-beta1","v5.13.0-beta2","v5.13.0-beta3","v5.13.0-beta4","v5.13.0-rc1","v5.13.0-rc2","v5.13.0-rc3","v5.13.1","v5.13.2","v5.14.0","v5.14.0-alpha1","v5.14.0-beta1","v5.14.0-beta2","v5.14.0-beta3","v5.14.0-rc1","v5.14.0-rc2","v5.14.1","v5.14.2","v5.15.0","v5.15.0-alpha1","v5.15.0-beta1","v5.15.0-beta2","v5.15.0-beta3","v5.15.0-beta4","v5.15.0-rc1","v5.15.0-rc2","v5.15.1","v5.15.2","v5.15.3-lts-lgpl","v5.15.4-lts-lgpl","v5.15.5-lts-lgpl","v5.2.0","v5.2.0-alpha1","v5.2.0-beta1","v5.2.0-rc1","v5.2.1","v5.3.0","v5.3.0-alpha1","v5.3.0-beta1","v5.3.0-rc1","v5.3.1","v5.3.2","v5.4.0","v5.4.0-alpha1","v5.4.0-beta1","v5.4.0-rc1","v5.4.1","v5.4.2","v5.5.0","v5.5.0-alpha1","v5.5.0-beta1","v5.5.0-rc1","v5.5.1","v5.6.0","v5.6.0-alpha1","v5.6.0-beta1","v5.6.0-rc1","v5.6.1","v5.6.1-1","v5.6.2","v5.6.3","v5.7.0","v5.7.0-alpha1","v5.7.0-beta1","v5.7.0-rc1","v5.7.1","v5.8.0","v5.8.0-alpha1","v5.8.0-beta1","v5.8.0-rc1","v5.9.0","v5.9.0-alpha1","v5.9.0-beta1","v5.9.0-beta2","v5.9.0-beta3","v5.9.0-beta4","v5.9.0-rc1","v5.9.0-rc2","v5.9.1","v5.9.2","v5.9.3","v5.9.4","v5.9.5","v5.9.6","v5.9.7","v5.9.8","v5.9.9","v6.0.0","v6.0.0-alpha1","v6.0.0-beta1","v6.0.0-beta2","v6.0.0-beta3","v6.0.0-beta4","v6.0.0-beta5","v6.0.0-rc1","v6.0.0-rc2","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.1.0","v6.1.0-alpha1","v6.1.0-beta1","v6.1.0-beta2","v6.1.0-beta3","v6.1.0-rc1","v6.1.0-rc2","v6.1.1","v6.1.2","v6.2.0-alpha1","v6.2.0-beta1","v6.2.0-beta2"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["271928562808682822601995538577538974780","72176071764742851516072444134726106676","163469072021631174261305783525076176707","213547461056257825045409429829012753748"],"threshold":0.9},"id":"CVE-2021-38593-10bb0601","target":{"file":"src/gui/painting/qpaintengineex.cpp"},"deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c","signature_type":"Line"},{"digest":{"line_hashes":["271928562808682822601995538577538974780","72176071764742851516072444134726106676","163469072021631174261305783525076176707","213547461056257825045409429829012753748"],"threshold":0.9},"id":"CVE-2021-38593-22346b8a","target":{"file":"src/gui/painting/qpaintengineex.cpp"},"deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd","signature_type":"Line"},{"digest":{"line_hashes":["271928562808682822601995538577538974780","72176071764742851516072444134726106676","163469072021631174261305783525076176707","213547461056257825045409429829012753748"],"threshold":0.9},"id":"CVE-2021-38593-2f99537b","target":{"file":"src/gui/painting/qpaintengineex.cpp"},"deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862","signature_type":"Line"},{"digest":{"function_hash":"66084939280504979425354887214909155133","length":6445},"id":"CVE-2021-38593-527772bf","target":{"function":"QPaintEngineEx::stroke","file":"src/gui/painting/qpaintengineex.cpp"},"deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862","signature_type":"Function"},{"digest":{"function_hash":"66084939280504979425354887214909155133","length":6445},"id":"CVE-2021-38593-bbbd8d65","target":{"function":"QPaintEngineEx::stroke","file":"src/gui/painting/qpaintengineex.cpp"},"deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd","signature_type":"Function"},{"digest":{"function_hash":"66084939280504979425354887214909155133","length":6445},"id":"CVE-2021-38593-dabe698e","target":{"function":"QPaintEngineEx::stroke","file":"src/gui/painting/qpaintengineex.cpp"},"deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c","signature_type":"Function"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38593.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}