Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-50748

XMLStreamReader vulnerable to XML 'bomb'

    XMLWordPrintable

Details

    • Bug
    • Resolution: Incomplete
    • Not Evaluated
    • None
    • 5.5.1
    • XML: Stream Reader/Writer
    • None
    • OS X

    Description

      When loading an SVG that has been malformed to enabled an XML bomb style attack, QXMLStreamReader will continually take system resources until it's force quit. Only tested against OS X so far.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-47417 exponential entity expansion attack using svg

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              thiago Thiago Macieira
              nsmith Nick
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes