*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):

libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593:
https://nvd.nist.gov/vuln/detail/CVE-2021-38593

Trying to open the attached svg file will block one core at 100% and occupy much memory. Depending on the configuration, it might even run out of memory and crash.

This is fixed upstream by:
https://codereview.qt-project.org/c/qt/qtbase/+/377942

The original issue has been public since July 29th.

If I'm allowed to upload further files, I'll send a simple test program.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libqt5svg5 5.12.8-0ubuntu1
ProcVersionSignature: Ubuntu 5.14.0-1005.5-oem 5.14.9
Uname: Linux 5.14.0-1005-oem x86_64
ApportVersion: 2.20.11-0ubuntu27.21
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: GNOME
Date: Mon Nov 8 20:24:34 2021
InstallationDate: Installed on 2012-07-06 (3411 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: qtsvg-opensource-src
UpgradeStatus: Upgraded to focal on 2020-10-03 (400 days ago)

** Affects: qtsvg-opensource-src (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug community-security focal

--
libqt5svg5 affected by CVE-2021-38593
https://bugs.launchpad.net/bugs/1950193
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report.

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
