Subnavigation

Security advisory: Qt SVG

May 22, 2023 by Andy Shaw | Comments

A recent buffer overflow issue in Qt SVG has been reported and has been assigned the CVE id CVE-2023-32763.

This effects all Qt versions up to and including Qt 5.15.14, Qt 6.0.0->6.2.8 and Qt 6.3.0->6.5.0

When a SVG file with an image inside it is rendered, a QTextLayout overflow can be triggered.

Solution: Apply the following patch or update to Qt 5.15.15, Qt 6.2.9 or Qt 6.5.1

Patches:

dev: https://codereview.qt-project.org/c/qt/qtbase/+/476125
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/476490 or https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2023-32763-qtbase-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
Blog Topics:

Comments

Subscribe to our newsletter

Subscribe Newsletter

Try Qt 6.8 Now!

Download the latest release here: www.qt.io/download.

Qt 6.8 release focuses on technology trends like spatial computing & XR, complex data visualization in 2D & 3D, and ARM-based development for desktop.

We're Hiring

Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.

Read Next

Jan 27, 2025

Qt Gradle Plugin 1.1 Released

Qt Gradle Plugin 1.1 (QtGP) is here! If you missed 1.0 release, I..

Read Article

Jan 23, 2025

Qt AI Assistant Experimental Released

We have released Qt AI Assistant to help you in cross-platform software..

Read Article

Jan 22, 2025

Embedding Android Activities with Full Qt Quick Features

Qt for Android Automotive has introduced a transformative new back-end for..

Read Article