Описание
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qtbase-opensource-src | fixed | 5.11.3+dfsg-1 | experimental | package |
| qtbase-opensource-src | fixed | 5.11.3+dfsg-2 | package | |
| qt4-x11 | fixed | 4:4.8.7+dfsg-18 | package |
Примечания
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
https://codereview.qt-project.org/#/c/236691/
Связанные уязвимости
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
Уязвимость функции QXMLStreamReader компонента QXmlStream кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к информации