CVE-2015-9541
HIGHQt < 5.12.8 - XML External Entity Injection via QXmlStreamReader
Title source: llmDescription
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://bugreports.qt.io/browse/QTBUG-47417
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/
Scores
CVSS v3
7.5
EPSS
0.0251
EPSS Percentile
82.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-776
Status
published
Products (3)
fedoraproject/fedora
31
fedoraproject/fedora
32
qt/qt
5.5.0 - 5.12.8
Published
Jan 24, 2020
Tracked Since
Feb 18, 2026