CVE-2013-4549

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-4549
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
http://secunia.com/advisories/56008 Vendor Advisory
http://secunia.com/advisories/56166 Vendor Advisory
http://www.ubuntu.com/usn/USN-2057-1
https://codereview.qt-project.org/#change%2C71010
https://codereview.qt-project.org/#change%2C71368
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*
History

13 Feb 2023, 04:47

Type Values Removed Values Added
References
  • {'url': 'https://codereview.qt-project.org/#change,71010', 'name': 'https://codereview.qt-project.org/#change,71010', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • {'url': 'https://codereview.qt-project.org/#change,71368', 'name': 'https://codereview.qt-project.org/#change,71368', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • (MISC) https://codereview.qt-project.org/#change%2C71368 -
  • (MISC) https://codereview.qt-project.org/#change%2C71010 -

16 Jun 2021, 12:40

Type Values Removed Values Added
CPE cpe:2.3:a:digia:qt:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:digia:qt:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:digia:qt:5.0.1:*:*:*:*:*:*:*		 cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*
Information

Published : 2013-12-23 22:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-4549

Mitre link : CVE-2013-4549

CVE.ORG link : CVE-2013-4549

JSON object : View

Products Affected

qt

  • qt

digia

  • qt
CWE
CWE-20

Improper Input Validation