CVE-2021-3481: 
NixOS vulnerability analysis and mitigation

A flaw was found in Qt, specifically an out-of-bounds read vulnerability in QRadialFetchSimd function located in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. The vulnerability was discovered in early 2021 and affects multiple versions of Qt including 5.15.1, 6.0.0, 6.0.2, and 6.2. When rendering and displaying a crafted Scalable Vector Graphics (SVG) file, this flaw may lead to unauthorized memory access (Qt Bug Report, NVD).

The vulnerability is caused by an invalid sign extension that leads to integer overflow in the QRadialFetchSimd::fetch function. The issue occurs during the processing of double to float conversions while rendering SVG files. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H (NVD).

The primary impact of this vulnerability affects data confidentiality and application availability. When exploited, it can lead to unauthorized memory access and potential denial-of-service conditions (Red Hat Bugzilla, NVD).

The vulnerability has been fixed in multiple Qt versions including 5.12.11, 5.15.4, 6.0.3, and 6.1.0 RC. Various distributions have also released security updates to address this issue, such as Red Hat Enterprise Linux 8 through RHSA-2021:4172 and Debian through DLA-3539-1 (Red Hat Bugzilla, Debian Advisory).