Qt is is vulnerable to XML entity expansion. The vulnerability exists due to mishandling of ‘QXmlStreamReader’ allowing a malicious attacker to send crafted SVG to cause an xml bomb attack.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
access.redhat.com/errata/RHSA-2020:4690
access.redhat.com/security/updates/classification/#moderate
bugreports.qt.io/browse/QTBUG-47417
lists.fedoraproject.org/archives/list/[email protected]/message/2PT6327C64Q4RBFRWUSBKCG7SVGBWU5W/
lists.fedoraproject.org/archives/list/[email protected]/message/EZMMF4OEJAZRVKVXNO7IZWLEZVQGJN6G/