Subnavigation

Security advisory: Qt SVG

May 15, 2023 by Andy Shaw | Comments

A recent potential divide by zero in Qt SVG has been reported and has been assigned the CVE id CVE-2023-32573.

In QSvgFont, the m_unitsPerEm variable initialization is mishandled so if a SVG file that uses font-face without units-per-em set is passed to QSvgRenderer to render then it can trigger a division by zero.

Solution: Apply the following patch or update to Qt 5.15.14, Qt 6.2.9 or Qt 6.5.1

Patches:

dev: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
Qt 6.5: https://codereview.qt-project.org/c/qt/qtsvg/+/474404 or https://download.qt.io/official_releases/qt/6.5/CVE-2023-32573-qtsvg-6.5.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2023-32573-qtsvg-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff
Blog Topics:

Comments

Subscribe to our newsletter

Subscribe Newsletter

By submitting the form, you agree that Qt Group will process and store your personal information according to the Privacy Policy and may send you communications related to your request. You may unsubscribe from all communications at any time by clicking Unsubscribe or Manage Preferences in the footer of our emails.

Try Qt 6.9 Now!

Download the latest release here: www.qt.io/download.

Qt 6.9 is now available, with new features and improvements for application developers and device creators.

We're Hiring

Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.

Read Next

Apr 7, 2025

Security advisory: A Denial-of-Service type of security issue in Qt XML module impacts Qt

A Denial-of-Service type of security issue in QDom classes of Qt XML..

Read Article

Apr 7, 2025

Navigation in Qt 6.9 documentation

In this blog post, I would like to talk about the improvements in..

Read Article

Apr 2, 2025

Qt 6.9 Released

Qt 6.9 is now available, with new features and improvements for..

Read Article