  1. Qt
  2. QTBUG-47417

exponential entity expansion attack using svg


Details

    • fd4be84d23a0db4186cb42e736a9de3af722c7f7 (qt/qtbase/dev) f432c08882ffebe5074ea28de871559a98a4d094 (qt/qtbase/5.12.8)

    Description

      An SVG can be made to contain an XML bomb (https://en.wikipedia.org/wiki/Billion_laughs).
      When Qt tries to parse the SVG, an out-of-memory situation may occur, i.e. no detection of reference loops exists.

      Attachments

        1. example.cpp
          1 kB
          user-5e788
        2. example1.cpp
          1 kB
          user-5e788
        3. main.cpp
          1 kB
          Jon Hood

            People

              laknoll Lars Knoll
              jirauser37058 user-5e788 (Inactive)