- Home
- CVEs with nessus.description==Richard J. Moore reports :
QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of
internal entities in XML documents without placing restrictions to
ensure the document does not cause excessive memory usage. If an
application using this API processes untrusted data then the
application may use unexpected amounts of memory if a malicious
document is processed.
It is possible to construct XML documents using internal entities that
consume large amounts of memory and other resources to process, this
is known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did
not offer protection against this issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top