VDB
CVE-2015-9541
CVE-2015-9541
PUBLISHED
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
EPSS 0.56% · 68.6th percentile
Risk Scores
EPSS Score
0.56%
68.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | pyside | 0, 1.2.1-1, 1.1.2-4 |
| Ubuntu:16.04:LTS | qt4-x11 | 4:4.8.7+dfsg-5ubuntu2, 4:4.8.7+dfsg-5ubuntu1, 0 |
| Ubuntu:20.04:LTS | phantomjs | 2.1.1+dfsg-2ubuntu1, 0, 2.1.1+dfsg-2 |
| Ubuntu:18.04:LTS | qt4-x11 | 0, 4:4.8.7+dfsg-7ubuntu1 |
| Ubuntu:18.04:LTS | pyside | *, 1.2.2+source1-3, * |
| Ubuntu:24.04:LTS | pyside2 | 5.15.10-4, 0, 5.15.11-1 |
| Ubuntu:18.04:LTS | phantomjs | 2.1.1+dfsg-2, 0 |
| Ubuntu:20.04:LTS | pyside2 | *, 0, 5.11.2-3build2 |
| Ubuntu:16.04:LTS | pyside | 1.2.2-2, 0, 1.2.2-2build2 |
| Ubuntu:25.10 | pyside2 | 0, 5.15.16-3.1build3, 5.15.16-3.1build1 |
| Ubuntu:Pro:18.04:LTS | qtbase-opensource-src | 5.9.5+dfsg-0ubuntu2.3, 0, 5.9.1+dfsg-10ubuntu2 |
| Ubuntu:16.04:LTS | phantomjs | *, 2.0.0+dfsg-1, 1.9.0-1 |
| Ubuntu:22.04:LTS | pyside2 | 5.15.2-1, 0, 5.15.2-2 |
| Ubuntu:Pro:16.04:LTS | qtbase-opensource-src | 5.5.1+dfsg-15ubuntu1, 5.5.1+dfsg-14ubuntu3, 5.5.1+dfsg-14ubuntu2 |
| Ubuntu:14.04:LTS | qt4-x11 | 4:4.8.5+git192-g085f851+dfsg-2ubuntu4, 4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1, * |
Timeline
- Jan 24, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-9541 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-9541 third-party-advisory