CVE-2013-4549

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
digiaqt
𝑥
≤ 5.1.0
qtqt
5.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qtbase-opensource-src
bookworm
5.15.8+dfsg-11+deb12u2
fixed
bullseye
5.15.2+dfsg-9+deb11u1
fixed
sid
5.15.15+dfsg-2
fixed
squeeze
no-dsa
trixie
5.15.13+dfsg-4
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phantomjs
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
dne
precise
not-affected
quantal
ignored
raring
ignored
saucy
ignored
trusty
Fixed 1.9.0-1ubuntu0.1~esm1
released
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
qt4-x11
artful
Fixed 4:4.8.4+dfsg-0ubuntu20
released
bionic
Fixed 4:4.8.4+dfsg-0ubuntu20
released
cosmic
Fixed 4:4.8.4+dfsg-0ubuntu20
released
disco
Fixed 4:4.8.4+dfsg-0ubuntu20
released
lucid
ignored
precise
Fixed 4:4.8.1-0ubuntu4.5
released
quantal
Fixed 4:4.8.3+dfsg-0ubuntu3.2
released
raring
Fixed 4:4.8.4+dfsg-0ubuntu9.5
released
saucy
Fixed 4:4.8.4+dfsg-0ubuntu18.1
released
trusty
Fixed 4:4.8.4+dfsg-0ubuntu20
released
utopic
Fixed 4:4.8.4+dfsg-0ubuntu20
released
vivid
Fixed 4:4.8.4+dfsg-0ubuntu20
released
wily
Fixed 4:4.8.4+dfsg-0ubuntu20
released
xenial
Fixed 4:4.8.4+dfsg-0ubuntu20
released
yakkety
Fixed 4:4.8.4+dfsg-0ubuntu20
released
zesty
Fixed 4:4.8.4+dfsg-0ubuntu20
released
qtbase-opensource-src
artful
Fixed 5.0.2+dfsg1-7ubuntu13
released
bionic
Fixed 5.0.2+dfsg1-7ubuntu13
released
cosmic
Fixed 5.0.2+dfsg1-7ubuntu13
released
disco
Fixed 5.0.2+dfsg1-7ubuntu13
released
lucid
dne
precise
dne
quantal
dne
raring
Fixed 5.0.1+dfsg-0ubuntu4.1
released
saucy
Fixed 5.0.2+dfsg1-7ubuntu11.1
released
trusty
Fixed 5.0.2+dfsg1-7ubuntu13
released
utopic
Fixed 5.0.2+dfsg1-7ubuntu13
released
vivid
Fixed 5.0.2+dfsg1-7ubuntu13
released
wily
Fixed 5.0.2+dfsg1-7ubuntu13
released
xenial
Fixed 5.0.2+dfsg1-7ubuntu13
released
yakkety
Fixed 5.0.2+dfsg1-7ubuntu13
released
zesty
Fixed 5.0.2+dfsg1-7ubuntu13
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libqt4
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-32bit
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-qt3support
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-qt3support-32bit
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-32bit
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-mysql
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-mysql-32bit
suse enterprise desktop 12
4.8.6-2.6
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-2.6
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-2.6
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
suse enterprise workstation 12
4.8.6-2.6
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-postgresql
suse enterprise desktop 12
4.8.6-2.6
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-2.6
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-2.6
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
suse enterprise workstation 12
4.8.6-2.6
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-postgresql-32bit
suse enterprise desktop 12
4.8.6-2.6
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-2.6
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-2.6
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
suse enterprise workstation 12
4.8.6-2.6
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-sqlite
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-sqlite-32bit
suse enterprise desktop 12
4.8.6-2.11
fixed
suse enterprise desktop 12 SP1
4.8.6-4.2
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-2.11
fixed
suse enterprise sap 12 SP1
4.8.6-4.2
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-2.11
fixed
suse enterprise server 12 SP1
4.8.6-4.2
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
suse enterprise workstation 12
4.8.6-2.11
fixed
suse enterprise workstation 12 SP1
4.8.6-4.2
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-unixODBC
suse enterprise desktop 12
4.8.6-2.6
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-2.6
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-2.6
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
suse enterprise workstation 12
4.8.6-2.6
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.7-8.8.1
fixed
libqt4-sql-unixODBC-32bit
suse enterprise desktop 12
4.8.6-2.6
fixed
suse enterprise desktop 12 SP1
4.8.6-4.1
fixed
suse enterprise desktop 12 SP2
4.8.6-7.1
fixed
suse enterprise desktop 12 SP3
4.8.6-7.1
fixed
suse enterprise desktop 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12
4.8.6-2.6
fixed
suse enterprise sap 12 SP1
4.8.6-4.1
fixed
suse enterprise sap 12 SP2
4.8.6-7.1
fixed
suse enterprise sap 12 SP3
4.8.6-7.1
fixed
suse enterprise sap 12 SP4
4.8.7-8.8.1
fixed
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12
4.8.6-2.6
fixed
suse enterprise server 12 SP1
4.8.6-4.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
suse enterprise workstation 12
4.8.6-2.6
fixed
suse enterprise workstation 12 SP1
4.8.6-4.1
fixed
suse enterprise workstation 12 SP2
4.8.6-7.1
fixed
suse enterprise workstation 12 SP3
4.8.6-7.1
fixed
suse enterprise workstation 12 SP4
4.8.7-8.8.1
fixed
suse enterprise workstation 12 SP5
4.8.7-8.8.1
fixed
libqt4-x11
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
libqt4-x11-32bit
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.1
fixed
suse enterprise server 12 SP3
4.8.6-7.1
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
qt4-x11-tools
suse enterprise sap 12 SP5
4.8.7-8.8.1
fixed
suse enterprise server 12 SP2
4.8.6-7.3
fixed
suse enterprise server 12 SP3
4.8.6-7.3
fixed
suse enterprise server 12 SP4
4.8.7-8.8.1
fixed
suse enterprise server 12 SP5
4.8.7-8.8.1
fixed
Common Weakness Enumeration
References
http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
http://secunia.com/advisories/56008
http://secunia.com/advisories/56166
http://www.ubuntu.com/usn/USN-2057-1
https://codereview.qt-project.org/#change%2C71010
https://codereview.qt-project.org/#change%2C71368
http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
http://secunia.com/advisories/56008
http://secunia.com/advisories/56166
http://www.ubuntu.com/usn/USN-2057-1
https://codereview.qt-project.org/#change%2C71010
https://codereview.qt-project.org/#change%2C71368