PT-2023-4688 · Qt Company+8 · Qt+8

Published: 2023-07-12 · Updated: 2025-08-25 · CVE-2023-38197

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Qt versions prior to 5.15.15
Qt versions 6.x prior to 6.2.10
Qt versions 6.3.x through 6.5.x prior to 6.5.3

Description

The issue is related to infinite loops in recursive entity expansion, which can lead to a denial of service. This can be exploited by a remote attacker. The vulnerability is associated with the QXmlStreamReader function of the Qt cross-platform framework.

Recommendations

For Qt versions prior to 5.15.15, update to version 5.15.15 or later.
For Qt versions 6.x prior to 6.2.10, update to version 6.2.10 or later.
For Qt versions 6.3.x through 6.5.x prior to 6.5.3, update to version 6.5.3 or later.
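
The version ranges above can be applied to a software inventory as follows. This is an added example, not code from Qt or from this advisory's publisher; the function names and the sample inventory are constructed for illustration.

```python
import re

# Affected ranges transcribed from the advisory text above.
# Each rule: (lowest affected version, first fixed version).
RULES = [
    ((0, 0, 0), (5, 15, 15)),  # Qt versions prior to 5.15.15
    ((6, 0, 0), (6, 2, 10)),   # Qt 6.x prior to 6.2.10
    ((6, 3, 0), (6, 5, 3)),    # Qt 6.3.x through 6.5.x prior to 6.5.3
]

def parse_qt_version(text):
    """Return (major, minor, patch) from strings such as '5.15.2' or 'v6.5.1-lts'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a Qt version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(text):
    """Return (affected, first_fixed_version_or_None) for an upstream Qt version."""
    version = parse_qt_version(text)
    for low, fixed in RULES:
        # Tuple comparison orders versions numerically, so 6.2.10 > 6.2.9.
        if low <= version < fixed:
            return True, ".".join(map(str, fixed))
    return False, None

def needs_update(inventory):
    """Map each affected host to the minimum Qt version it should move to."""
    result = {}
    for host, qt_version in inventory.items():
        affected, fixed = triage(qt_version)
        if affected:
            result[host] = fixed
    return result

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "kiosk-01": "5.15.2",
    "build-07": "6.2.10",
    "hmi-12": "6.4.3",
    "desk-33": "6.5.3",
}

if __name__ == "__main__":
    for host, target in sorted(needs_update(SAMPLE_INVENTORY).items()):
        print(f"{host}: update Qt to {target} or later")
```

This compares upstream Qt version numbers only. Distribution packages may carry a backported fix under an older version number, so for those check the vendor advisory listed under Related Identifiers.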

Fix

Weakness Enumeration

Infinite Loop

Related Identifiers

ALSA-2023:6369
ALSA-2023:6967
ALT-PU-2023-5566
ALT-PU-2023-5570
ALT-PU-2023-7215
ALT-PU-2023-7216
ALT-PU-2023-7217
ALT-PU-2023-7218
ALT-PU-2023-7219
ALT-PU-2023-7220
ALT-PU-2023-7221
ALT-PU-2023-7222
ALT-PU-2023-7223
ALT-PU-2023-7224
ALT-PU-2023-7225
ALT-PU-2023-7226
ALT-PU-2023-7227
ALT-PU-2023-7228
ALT-PU-2023-7229
ALT-PU-2023-7230
ALT-PU-2023-7231
ALT-PU-2023-7232
ALT-PU-2023-7233
ALT-PU-2023-7234
ALT-PU-2023-7235
ALT-PU-2023-7236
ALT-PU-2023-7237
ALT-PU-2024-1120
ALT-PU-2024-12660
ALT-PU-2024-12662
ALT-PU-2024-12663
ALT-PU-2024-12664
ALT-PU-2024-12665
ALT-PU-2024-12666
ALT-PU-2024-12667
ALT-PU-2024-12668
ALT-PU-2024-12669
ALT-PU-2024-12670
ALT-PU-2024-12671
ALT-PU-2024-12673
ALT-PU-2024-12674
ALT-PU-2024-12675
ALT-PU-2024-12676
ALT-PU-2024-12677
ALT-PU-2024-12678
ALT-PU-2024-12679
ALT-PU-2024-12680
ALT-PU-2024-12681
ALT-PU-2024-12682
ALT-PU-2024-12683
ALT-PU-2024-12684
ALT-PU-2024-12685
ALT-PU-2024-12686
ALT-PU-2024-12687
ALT-PU-2024-12688
ALT-PU-2024-12689
ALT-PU-2024-12690
ALT-PU-2024-12691
ALT-PU-2024-12692
ALT-PU-2024-12693
ALT-PU-2024-12694
ALT-PU-2024-12695
ALT-PU-2024-14231
ALT-PU-2024-14233
ALT-PU-2024-14234
ALT-PU-2024-14235
ALT-PU-2024-14236
ALT-PU-2024-14237
ALT-PU-2024-14238
ALT-PU-2024-14239
ALT-PU-2024-14240
ALT-PU-2024-14241
ALT-PU-2024-14242
ALT-PU-2024-14243
ALT-PU-2024-14244
ALT-PU-2024-14245
ALT-PU-2024-14246
ALT-PU-2024-14247
ALT-PU-2024-14248
ALT-PU-2024-14250
ALT-PU-2024-14251
ALT-PU-2024-14252
ALT-PU-2024-14253
ALT-PU-2024-14254
ALT-PU-2024-14255
ALT-PU-2024-14256
ALT-PU-2024-14257
ALT-PU-2024-14258
ALT-PU-2024-14259
ALT-PU-2024-14260
ALT-PU-2024-14261
ALT-PU-2024-14262
ALT-PU-2024-14264
ALT-PU-2024-14265
ALT-PU-2024-14266
ALT-PU-2024-14267
ALT-PU-2024-2801
AZL-27652
BDU:2023-05105
CESA-2023_6967
CVE-2023-38197
DLA-3539-1
DLA-3805-1
OESA-2023-1877
OESA-2023-1878
OESA-2023-1879
OESA-2023-1880
OESA-2023-1881
OPENSUSE-SU-2023_2982-1
OPENSUSE-SU-2023_3225-1
OPENSUSE-SU-2023_3380-1
OPENSUSE-SU-2024:13079-1
OPENSUSE-SU-2024:13377-1
RHSA-2023:6369
RHSA-2023:6967
RHSA-2023_6369
RHSA-2023_6967
ROSA-SA-2025-2677
SUSE-SU-2023:2971-1
SUSE-SU-2023:2982-1
SUSE-SU-2023:3018-1
SUSE-SU-2023:3207-1
SUSE-SU-2023:3225-1
SUSE-SU-2023:3380-1
SUSE-SU-2023:4622-1
SUSE-SU-2023_2971-1
SUSE-SU-2023_2982-1
SUSE-SU-2023_3018-1
SUSE-SU-2023_3207-1
SUSE-SU-2023_3225-1
SUSE-SU-2025:02968-1
SUSE-SU-2025_02968-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Qt
Red Hat
RED OS
SUSE