{"id":"UBUNTU-CVE-2023-32573","details":"In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.","modified":"2026-01-20T18:08:09.154637Z","published":"2023-05-10T06:15:00Z","upstream":["CVE-2023-32573"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-32573"},{"type":"REPORT","url":"https://codereview.qt-project.org/c/qt/qtsvg/+/474093"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-32573"}],"affected":[{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src@5.5.1-2build1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.4.2-2build1","5.5.1-2build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.5.1-2build1"},{"binary_name":"libqt5svg5-dev","binary_version":"5.5.1-2build1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.5.1-2build1"},{"binary_name":"qtsvg5-examples","binary_version":"5.5.1-2build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}},{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src@5.9.5-0ubuntu1.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.9.1-2","5.9.2-2","5.9.2-3","5.9.3-0ubuntu1","5.9.4-0ubuntu1","5.9.5-0ubuntu1","5.9.5-0ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.9.5-0ubuntu1.1"},{"binary_name":"libqt5svg5-dev","binary_version":"5.9.5-0ubuntu1.1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.9.5-0ubuntu1.1"},{"binary_name":"qtsvg5-examples","binary_version":"5.9.5-0ubuntu1.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}},{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src@5.12.8-0ubuntu1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.12.4-1","5.12.5-2","5.12.5-2build1","5.12.8-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.12.8-0ubuntu1"},{"binary_name":"libqt5svg5-dev","binary_version":"5.12.8-0ubuntu1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.12.8-0ubuntu1"},{"binary_name":"qtsvg5-examples","binary_version":"5.12.8-0ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}},{"package":{"name":"qt6-svg","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/qt6-svg@6.2.4-1ubuntu1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.2.2-2ubuntu1","6.2.4-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt6svg6","binary_version":"6.2.4-1ubuntu1"},{"binary_name":"libqt6svg6-dev","binary_version":"6.2.4-1ubuntu1"},{"binary_name":"libqt6svgwidgets6","binary_version":"6.2.4-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}},{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src@5.15.3-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.2-3","5.15.2-4","5.15.3-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.15.3-1"},{"binary_name":"libqt5svg5-dev","binary_version":"5.15.3-1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.15.3-1"},{"binary_name":"qtsvg5-examples","binary_version":"5.15.3-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}},{"package":{"name":"qt6-svg","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/qt6-svg@6.4.2-4ubuntu3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.4.2-4ubuntu1","6.4.2-4ubuntu2","6.4.2-4ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt6svg6","binary_version":"6.4.2-4ubuntu3"},{"binary_name":"libqt6svgwidgets6","binary_version":"6.4.2-4ubuntu3"},{"binary_name":"qt6-svg-dev","binary_version":"6.4.2-4ubuntu3"},{"binary_name":"qt6-svg-doc-dev","binary_version":"6.4.2-4ubuntu3"},{"binary_name":"qt6-svg-doc-html","binary_version":"6.4.2-4ubuntu3"},{"binary_name":"qt6-svg-examples","binary_version":"6.4.2-4ubuntu3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}},{"package":{"name":"qtsvg-opensource-src","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/qtsvg-opensource-src@5.15.13-1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.15.10-2","5.15.12-1","5.15.12-1build1","5.15.12-1build2","5.15.13-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt5svg5","binary_version":"5.15.13-1"},{"binary_name":"libqt5svg5-dev","binary_version":"5.15.13-1"},{"binary_name":"qtsvg5-doc-html","binary_version":"5.15.13-1"},{"binary_name":"qtsvg5-examples","binary_version":"5.15.13-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}},{"package":{"name":"qt6-svg","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/qt6-svg@6.9.2-1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.8.3-0ubuntu1","6.9.2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libqt6svg6","binary_version":"6.9.2-1"},{"binary_name":"libqt6svgwidgets6","binary_version":"6.9.2-1"},{"binary_name":"qt6-svg-dev","binary_version":"6.9.2-1"},{"binary_name":"qt6-svg-doc-dev","binary_version":"6.9.2-1"},{"binary_name":"qt6-svg-doc-html","binary_version":"6.9.2-1"},{"binary_name":"qt6-svg-plugins","binary_version":"6.9.2-1"},{"binary_name":"qt6-svg-private-dev","binary_version":"6.9.2-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32573.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}