MAGEIA-2014-263
Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed (CVE-2013-4549). A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash (CVE-2014-0190)..
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | qt3 | 0, 3.3.8b-33.2.mga4 |
| Mageia | qt3 | 0, * |
Timeline
- Jun 18, 2014 CVE Updated
- Jun 18, 2014 CVE Published
References
- Updated qt3 packages fix security vulnerabilities advisory
- Updated qt3 packages fix security vulnerabilities issue
- Updated qt3 packages fix security vulnerabilities issue
- Updated qt3 packages fix security vulnerabilities issue
- Updated qt3 packages fix security vulnerabilities issue
- Updated qt3 packages fix security vulnerabilities issue
- Updated qt3 packages fix security vulnerabilities issue
- Updated qt3 packages fix security vulnerabilities issue