PT-2020-7913 · Qt Company+5 · Qt+5

User-5E788

·

Published

2015-07-24

·

Updated

2020-11-04

·

CVE-2015-9541

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15
Description: The issue allows for an exponential XML entity expansion attack. This can occur via a crafted SVG document that is mishandled in QXmlStreamReader.
Recommendations: For Qt versions prior to 5.15, update to version 5.15 or later to resolve the issue.

Fix

XML Entity Expansion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-776

Related Identifiers

ALSA-2020:4690
ALT-PU-2020-1721
ALT-PU-2020-1722
ALT-PU-2020-1723
ALT-PU-2020-1724
ALT-PU-2020-1725
ALT-PU-2020-1726
ALT-PU-2020-1727
ALT-PU-2020-1728
ALT-PU-2020-1729
ALT-PU-2020-1730
ALT-PU-2020-1731
ALT-PU-2020-1732
ALT-PU-2020-1733
ALT-PU-2020-1734
ALT-PU-2020-1735
ALT-PU-2020-1736
ALT-PU-2020-1737
ALT-PU-2020-1738
ALT-PU-2020-1739
ALT-PU-2020-1740
ALT-PU-2020-1741
ALT-PU-2020-1742
ALT-PU-2020-1743
ALT-PU-2020-1744
ALT-PU-2020-1745
ALT-PU-2020-1746
ALT-PU-2020-1747
ALT-PU-2020-1748
ALT-PU-2020-1749
ALT-PU-2020-1750
ALT-PU-2020-1751
ALT-PU-2020-1752
ALT-PU-2020-1753
ALT-PU-2020-1787
ALT-PU-2020-1788
ALT-PU-2020-1789
ALT-PU-2020-1790
ALT-PU-2020-1791
ALT-PU-2020-1792
ALT-PU-2020-1793
ALT-PU-2020-1794
ALT-PU-2020-1795
ALT-PU-2020-1796
ALT-PU-2020-1797
ALT-PU-2020-1798
ALT-PU-2020-1799
ALT-PU-2020-1800
ALT-PU-2020-1801
ALT-PU-2020-1802
ALT-PU-2020-1803
ALT-PU-2020-1804
ALT-PU-2020-1805
ALT-PU-2020-1806
ALT-PU-2020-1807
ALT-PU-2020-1808
ALT-PU-2020-1809
ALT-PU-2020-1810
ALT-PU-2020-1811
ALT-PU-2020-1812
ALT-PU-2020-1813
ALT-PU-2020-1814
ALT-PU-2020-1815
ALT-PU-2020-1816
ALT-PU-2020-1817
ALT-PU-2020-1818
ALT-PU-2020-1819
ALT-PU-2020-1820
AZL-6832
BDU:2025-04906
CESA-2020_4690
CVE-2015-9541
MGASA-2020-0192
RHSA-2020:4690
RHSA-2020_4690
RLSA-2020:4690

Affected Products

Alt Linux
Almalinux
Centos
Qt
Red Hat
Rocky Linux