5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.015 Low
EPSS
Percentile
86.6%
Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed (CVE-2013-4549). A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash (CVE-2014-0190)…
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | qt3 | < 3.3.8b-32.1 | qt3-3.3.8b-32.1.mga3 |
Mageia | 4 | noarch | qt3 | < 3.3.8b-33.2 | qt3-3.3.8b-33.2.mga4 |
advisories.mageia.org/MGASA-2014-0009.html
advisories.mageia.org/MGASA-2014-0240.html
lists.qt-project.org/pipermail/announce/2013-December/000036.html
lists.qt-project.org/pipermail/announce/2014-April/000045.html
bugs.mageia.org/show_bug.cgi?id=13509
lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html
lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html