Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201403-04
HistoryMar 13, 2014 - 12:00 a.m.

QtCore: Denial of service

2014-03-1300:00:00
Gentoo Foundation
security.gentoo.org
11

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Background

The Qt toolkit is a comprehensive C++ application development framework.

Description

A vulnerability in QXmlSimpleReader’s XML entity parsing has been discovered.

Impact

A remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCore, possibly resulting in Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All QtCore users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.5-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-qt/qtcore< 4.8.5-r1UNKNOWN

Related

openvas 26
nessus 17
fedora 14
mageia 3
securityvulns 2
prion 1
debiancve 1
cve 1
freebsd 1
ubuntucve 1
ubuntu 1
openvas
openvas
Fedora Update for qt5-qtbase FEDORA-2014-5680
2014-05-12 00:00:00
Fedora Update for qt3 FEDORA-2013-22847
2014-02-03 00:00:00
Fedora Update for qt5-qtbase FEDORA-2014-5710
2014-05-12 00:00:00
nessus
nessus
FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)
2014-05-06 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)
2013-12-18 00:00:00
Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)
2014-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: qt5-qtbase-5.2.1-8.fc19
2014-05-06 03:32:31
[SECURITY] Fedora 19 Update: qt3-3.3.8b-56.fc19
2014-01-23 11:11:04
[SECURITY] Fedora 20 Update: qt3-3.3.8b-56.fc20
2014-01-23 11:18:08
mageia
mageia
Updated qt5 packages fix security vulnerability.
2014-03-03 23:58:12
Updated qt4 package fixes security vulnerability
2014-01-17 04:20:35
Updated qt3 packages fix security vulnerabilities
2014-06-18 22:02:44
securityvulns
securityvulns
QT resources exhaustion
2013-12-24 00:00:00
[USN-2057-1] Qt vulnerability
2013-12-24 00:00:00
prion
prion
Code injection
2013-12-23 22:55:00
debiancve
debiancve
CVE-2013-4549
2013-12-23 22:55:00
cve
cve
CVE-2013-4549
2013-12-23 22:55:00
freebsd
freebsd
qt4-xml -- XML Entity Expansion Denial of Service
2013-12-05 00:00:00
ubuntucve
ubuntucve
CVE-2013-4549
2013-12-05 00:00:00
ubuntu
ubuntu
Qt vulnerability
2013-12-17 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON
Related for GLSA-201403-04
openvas26nessus17fedora14mageia3securityvulns2prion1debiancve1cve1freebsd1ubuntucve1ubuntu1