CVE-2016-10040: Improper Restriction of Operations within the Bounds of a Memory Buffer in QXmlSimpleReader

Severity
5.5 MEDIUM (NVD)
EPSS
0.6%
top 30.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 7
Latest update: May 17

Description

Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple nested open tags.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

debian: debian/qtbase-opensource-src < qtbase-opensource-src 5.2.0+dfsg-7 (bookworm)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-6ppq-w2qp-6rhq: Stack-based buffer overflow in QXmlSimpleReader in Qt 4 (2022-05-17)
OSV
CVE-2016-10040: Stack-based buffer overflow in QXmlSimpleReader in Qt 4 (2017-03-07)

📋Vendor Advisories

2
Red Hat
qt: stack overflow in QXmlSimpleReader (2016-12-24)
Debian
CVE-2016-10040: qtbase-opensource-src - Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attack... (2016)

💬Community

8
Bugzilla
CVE-2016-10040 qt5-qtbase: qt: stack overflow in QXmlSimpleReader [fedora-all] (2017-01-02)
Bugzilla
CVE-2016-10040 mingw-qt5-qtbase: qt: stack overflow in QXmlSimpleReader [fedora-all] (2017-01-02)
Bugzilla
CVE-2016-10040 mingw-qt: qt: stack overflow in QXmlSimpleReader [epel-7] (2017-01-02)
Bugzilla
CVE-2016-10040 qt: stack overflow in QXmlSimpleReader [fedora-all] (2017-01-02)
Bugzilla
CVE-2016-10040 mingw-qt: qt: stack overflow in QXmlSimpleReader [fedora-all] (2017-01-02)