CVE-2015-9541

Опубликовано: 24 янв. 2020

Источник: debian

EPSS Низкий

Описание

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
qtbase-opensource-src	fixed	5.12.5+dfsg-9		package
qtbase-opensource-src	fixed	5.11.3+dfsg1-1+deb10u5	buster	package
qtbase-opensource-src	no-dsa		stretch	package
qtbase-opensource-src	ignored		jessie	package

Примечания

https://bugreports.qt.io/browse/QTBUG-47417
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094 (5.12 backport)

EPSS

Процентиль: 76%

0.01042

Низкий

Связанные уязвимости

CVE-2015-9541

CVSS3: 7.5

ubuntu

больше 5 лет назад

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

CVE-2015-9541

CVSS3: 7.5

redhat

почти 10 лет назад

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

CVE-2015-9541

CVSS3: 7.5

nvd

больше 5 лет назад

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

CVE-2015-9541

CVSS3: 7.5

msrc

почти 4 года назад

Описание отсутствует

GHSA-h29v-8cc2-w88r

CVSS3: 7.5

github

около 3 лет назад

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

EPSS

Процентиль: 76%

0.01042

Низкий