PT-2023-8007 · Qt Company+8 · Qt+8

Robert Löhning

Published

2023-06-28

Updated

2025-08-25

CVE-2023-37369

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Qt versions prior to 5.15.15 Qt versions 6.x prior to 6.2.9 Qt versions 6.3.x through 6.5.x prior to 6.5.2

Description The issue is related to a crafted XML string that can cause an application crash in QXmlStreamReader. This occurs when a prefix is greater than a length, potentially leading to a buffer overflow in memory when processing XML files. The exploitation of this issue could allow a remote attacker to cause a denial of service.

Recommendations For Qt versions prior to 5.15.15, update to version 5.15.15 or later. For Qt versions 6.x prior to 6.2.9, update to version 6.2.9 or later. For Qt versions 6.3.x through 6.5.x prior to 6.5.2, update to version 6.5.2 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2023:6369

ALSA-2023:6967

ALT-PU-2023-5566

ALT-PU-2023-5570

ALT-PU-2023-7215

ALT-PU-2023-7216

ALT-PU-2023-7217

ALT-PU-2023-7218

ALT-PU-2023-7219

ALT-PU-2023-7220

ALT-PU-2023-7221

ALT-PU-2023-7222

ALT-PU-2023-7223

ALT-PU-2023-7224

ALT-PU-2023-7225

ALT-PU-2023-7226

ALT-PU-2023-7227

ALT-PU-2023-7228

ALT-PU-2023-7229

ALT-PU-2023-7230

ALT-PU-2023-7231

ALT-PU-2023-7232

ALT-PU-2023-7233

ALT-PU-2023-7234

ALT-PU-2023-7235

ALT-PU-2023-7236

ALT-PU-2023-7237

ALT-PU-2024-1120

ALT-PU-2024-12660

ALT-PU-2024-12662

ALT-PU-2024-12663

ALT-PU-2024-12664

ALT-PU-2024-12665

ALT-PU-2024-12666

ALT-PU-2024-12667

ALT-PU-2024-12668

ALT-PU-2024-12669

ALT-PU-2024-12670

ALT-PU-2024-12671

ALT-PU-2024-12673

ALT-PU-2024-12674

ALT-PU-2024-12675

ALT-PU-2024-12676

ALT-PU-2024-12677

ALT-PU-2024-12678

ALT-PU-2024-12679

ALT-PU-2024-12680

ALT-PU-2024-12681

ALT-PU-2024-12682

ALT-PU-2024-12683

ALT-PU-2024-12684

ALT-PU-2024-12685

ALT-PU-2024-12686

ALT-PU-2024-12687

ALT-PU-2024-12688

ALT-PU-2024-12689

ALT-PU-2024-12690

ALT-PU-2024-12691

ALT-PU-2024-12692

ALT-PU-2024-12693

ALT-PU-2024-12694

ALT-PU-2024-12695

ALT-PU-2024-14231

ALT-PU-2024-14233

ALT-PU-2024-14234

ALT-PU-2024-14235

ALT-PU-2024-14236

ALT-PU-2024-14237

ALT-PU-2024-14238

ALT-PU-2024-14239

ALT-PU-2024-14240

ALT-PU-2024-14241

ALT-PU-2024-14242

ALT-PU-2024-14243

ALT-PU-2024-14244

ALT-PU-2024-14245

ALT-PU-2024-14246

ALT-PU-2024-14247

ALT-PU-2024-14248

ALT-PU-2024-14250

ALT-PU-2024-14251

ALT-PU-2024-14252

ALT-PU-2024-14253

ALT-PU-2024-14254

ALT-PU-2024-14255

ALT-PU-2024-14256

ALT-PU-2024-14257

ALT-PU-2024-14258

ALT-PU-2024-14259

ALT-PU-2024-14260

ALT-PU-2024-14261

ALT-PU-2024-14262

ALT-PU-2024-14264

ALT-PU-2024-14265

ALT-PU-2024-14266

ALT-PU-2024-14267

ALT-PU-2024-2801

ALT-PU-2024-3485

AZL-27920

BDU:2023-09121

CESA-2023_6967

CVE-2023-37369

DLA-3539-1

DLA-3805-1

OESA-2023-1610

OESA-2023-1877

OESA-2023-1878

OESA-2023-1879

OESA-2023-1880

OESA-2023-1881

OPENSUSE-SU-2023_4951-1

OPENSUSE-SU-2024:13147-1

OPENSUSE-SU-2024:13470-1

RHSA-2023:6369

RHSA-2023:6967

RHSA-2023_6369

RHSA-2023_6967

ROSA-SA-2025-2677

SUSE-SU-2023:4622-1

SUSE-SU-2023:4950-1

SUSE-SU-2023:4951-1

SUSE-SU-2023_4950-1

SUSE-SU-2023_4951-1

SUSE-SU-2024:2946-1

SUSE-SU-2024_2946-1

SUSE-SU-2025:02968-1

SUSE-SU-2025_02968-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Red Hat

Red Os

Suse

PT-2023-8007 · Qt Company+8 · Qt+8

CVE-2023-37369

Weakness Enumeration

Related Identifiers

Affected Products

References · 103