[Bug 1259577] [NEW] Security: XML Entity Expansion Denial of Service

Jonathan Riddell jriddell at ubuntu.com
Tue Dec 10 14:37:26 UTC 2013 

Public bug reported:

http://lists.qt-project.org/pipermail/announce/2013-December/000036.html

Qt Project Security Advisory
----------------------------

Title:        XML Entity Expansion Denial of Service
Risk Rating:  Low
CVE:          CVE-2013-4549
Platforms:    All
Modules:      QtBase
Versions:     All versions before 5.2
Author:       Richard J. Moore <rich at kde.org>
Date:         5 December 2013

Overview
--------

QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal
entities in XML documents without placing restrictions to ensure the document
does not cause excessive memory usage. If an application using this API
processes untrusted data then the application may use unexpected amounts of
memory if a malicious document is processed.

Details
-------

It is possible to construct XML documents using internal entities that consume
large amounts of memory and other resources to process, this is known as the
'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection
against this issue.

Impact
------

An application loading untrusted XML data may consume arbitrary amounts of
memory and CPU when attempting to parse a maliciously constructed document.

** Affects: qt4-x11 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Quantal)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Quantal)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Raring)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Raring)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Also affects: qtbase-opensource-src (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to qt4-x11 in Ubuntu.
https://bugs.launchpad.net/bugs/1259577

Title:
  Security: XML Entity Expansion Denial of Service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1259577/+subscriptions

More information about the kubuntu-bugs mailing list