[Development] [Announce] Security Advisory: QXmlStreamReader
2023-07-18
List for announcements regarding Qt releases and development via Announce via Development
A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE ID CVE-2023-38197. QXmlStreamReader can freeze or run out of memory on recursive entity expansion, with DTD tokens in the XML body. Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10
[Development] [Announce] Security advisory: QXmlStreamReader
2023-07-07
List for announcements regarding Qt releases and development via Announce via Development
A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE ID CVE-2023-37369. When given specifically crafted data, QXmlStreamReader can end up causing a buffer overflow and subsequently a crash. Solution: Validate any XML being passed to QXmlStreamRead