VDB

MAGEIA-2014-263

MAGEIA-2014-263 PUBLISHED

Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed (CVE-2013-4549). A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash (CVE-2014-0190)..

Affected Products

VendorProductVersions
Mageiaqt30, 3.3.8b-33.2.mga4
Mageiaqt30, *

Timeline

  • Jun 18, 2014 CVE Updated
  • Jun 18, 2014 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›