Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-50748

XMLStreamReader vulnerable to XML 'bomb'

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Incomplete
    • Icon: Not Evaluated Not Evaluated
    • None
    • 5.5.1
    • XML: Stream Reader/Writer
    • None
    • OS X

      When loading an SVG that has been malformed to enabled an XML bomb style attack, QXMLStreamReader will continually take system resources until it's force quit. Only tested against OS X so far.

        1. robot-xmlbomb.svg
          209 kB
          Nick
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            thiago Thiago Macieira
            nsmith Nick
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes