CVE-2013-4549 — Improper Input Validation in Qtbase-opensource-src

CWE-20 — Improper Input Validation CWE-611 — XML External Entity (XXE) Injection9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

5.2%

top 10.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Qtbase-opensource-src Digia QT QT

Timeline

PublishedDec 23

Latest updateMay 13

Description

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/qtbase-opensource-src< qtbase-opensource-src 5.1.1+dfsg-6 (bookworm)

▶NVDdigia/qt5.1.0

▶NVDqt/qt5.0.2

🔴Vulnerability Details

GHSA

GHSA-73gj-v8wr-fjfj: QXmlSimpleReader in Qt before 5↗2022-05-13

▶

OSV

CVE-2013-4549: QXmlSimpleReader in Qt before 5↗2013-12-23

▶

📋Vendor Advisories

Ubuntu

Qt vulnerability↗2013-12-17

▶

Red Hat

QtXML: XML entity expansion denial of service↗2013-12-05

▶

Debian

CVE-2013-4549: qtbase-opensource-src - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a ...↗2013

▶

💬Community

Bugzilla

CVE-2013-4549 qtsoap: QtXML: XML entity expansion denial of service [fedora-all]↗2014-03-14

▶

Bugzilla

CVE-2013-4549 qtsoap: QtXML: XML entity expansion denial of service [epel-6]↗2014-03-14

▶

Bugzilla

CVE-2013-4549 QtXML: XML entity expansion denial of service↗2013-04-22

▶