FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 89709e58-d497-11e3-a3d5-5453ed2e2b49
Description: qt4-xml -- XML Entity Expansion Denial of Service

Richard J. Moore reports:

QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed.

It is possible to construct XML documents using internal entities that consume large amounts of memory and other resources to process; this is known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection against this issue.


Discovery: 2013-12-05
Entry: 2014-05-05
Affected: qt4-xml < 4.8.6

CVE-2013-4549
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html