Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-47417

exponential entity expansion attack using svg

    XMLWordPrintable

Details

    • fd4be84d23a0db4186cb42e736a9de3af722c7f7 (qt/qtbase/dev) f432c08882ffebe5074ea28de871559a98a4d094 (qt/qtbase/5.12.8)

    Description

      a svg can be made to contain a xml bomb (https://en.wikipedia.org/wiki/Billion_laughs).
      When Qt tries to parse the svg an out of memory situation may occur. I.e. no detection of reference loops exist.

      Attachments

        1. example.cpp
          1 kB
        2. example1.cpp
          1 kB
        3. main.cpp
          1 kB

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-50748 XMLStreamReader vulnerable to XML 'bomb'

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-82153 Exponential use node instantiation in SVG

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          For Gerrit Dashboard: QTBUG-47417
          # Subject Branch Project Status CR V
          292006,7 Add an expansion limit for entities 5.15 qt/qtbase Status: MERGED +2 0
          293909,5 Add an expansion limit for entities 5.12.8 qt/qtbase Status: MERGED +2 0

          Activity

            People

              laknoll Lars Knoll
              jirauser37058 user-5e788 (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes