Security advisory: QXmlStreamReader

A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-37369

When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash.

Solution: Validate any XML being passed to QXmlStreamReader that is not already trusted. Alternatively apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, or Qt 6.5.2


Qt 6.5: or
Qt 6.2:
Qt 5.15:

Blog Topics: