  1. Qt
  2. QTBUG-47417

Exponential entity expansion attack using SVG


    Details

    • Commits:
      fd4be84d23a0db4186cb42e736a9de3af722c7f7 (qt/qtbase/dev) f432c08882ffebe5074ea28de871559a98a4d094 (qt/qtbase/5.12.8)

      Description

      An SVG can be made to contain an XML bomb (https://en.wikipedia.org/wiki/Billion_laughs).
      When Qt tries to parse the SVG, an out-of-memory situation may occur, i.e. no detection of reference loops exists.

        Attachments

        1. example.cpp
          1 kB
        2. example1.cpp
          1 kB
        3. main.cpp
          1 kB


              People

              Assignee:
              laknoll Lars Knoll
              Reporter:
              Henga Henga Morry
              Votes:
              3
              Watchers:
              17

                Dates

                Created:
                Updated:
                Resolved:

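A pre-parse budget check for the condition this report describes, as an added example that is not part of the original report and is not Qt's fix. It assumes double-quoted internal general entities only; the function names, the limit and the sample documents are constructed for illustration.

```cpp
#include <cstdint>
#include <map>
#include <regex>
#include <set>
#include <string>
using EntityMap = std::map<std::string, std::string>;

// Collect internal general entities declared as <!ENTITY name "value">.
EntityMap collectEntities(const std::string &xml) {
    static const std::regex decl(R"rx(<!ENTITY\s+([^\s%"]+)\s+"([^"]*)"\s*>)rx");
    EntityMap out;
    for (std::sregex_iterator it(xml.begin(), xml.end(), decl), end; it != end; ++it)
        out.emplace((*it)[1].str(), (*it)[2].str());
    return out;
}

// Expanded length of `name` without building it; -1 on a loop or when above `limit`.
int64_t expandedSize(const std::string &name, const EntityMap &ents, int64_t limit,
                     std::map<std::string, int64_t> &memo, std::set<std::string> &active) {
    auto cached = memo.find(name);
    if (cached != memo.end()) return cached->second;
    auto def = ents.find(name);
    if (def == ents.end()) return 0;
    if (!active.insert(name).second) return -1;  // already being expanded: loop
    static const std::regex ref(R"(&([^\s;&#]+);)");
    int64_t total = static_cast<int64_t>(def->second.size());
    for (std::sregex_iterator it(def->second.begin(), def->second.end(), ref), end;
         it != end && total >= 0 && total <= limit; ++it) {
        if (!ents.count((*it)[1].str())) continue;  // predefined or undeclared: literal length
        const int64_t sub = expandedSize((*it)[1].str(), ents, limit, memo, active);
        total = sub < 0 ? -1 : total + sub - static_cast<int64_t>(it->length());
    }
    if (total > limit) total = -1;
    active.erase(name);
    return memo[name] = total;
}

// True when no declared entity loops or expands beyond `limit` characters.
bool entitiesWithinBudget(const std::string &xml, int64_t limit) {
    const EntityMap ents = collectEntities(xml);
    std::map<std::string, int64_t> memo; std::set<std::string> active;
    for (const auto &e : ents)
        if (expandedSize(e.first, ents, limit, memo, active) < 0) return false;
    return true;
}

// Constructed samples: a small nested chain (c expands to 250 chars) and a two-entity loop.
const std::string kNested = R"(<!DOCTYPE svg [<!ENTITY a "0123456789">
<!ENTITY b "&a;&a;&a;&a;&a;"><!ENTITY c "&b;&b;&b;&b;&b;">]><svg><text>&c;</text></svg>)";
const std::string kLoop = R"(<!DOCTYPE svg [<!ENTITY x "&y;"><!ENTITY y "&x;">]><svg/>)";
int main() { return entitiesWithinBudget(kNested, 250) && !entitiesWithinBudget(kLoop, 250) ? 0 : 1; }
```

Because each entity's size is memoised, the check runs in time proportional to the declarations rather than to the expanded output.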