
Security advisory: QXmlStreamReader

A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197.

QXmlStreamReader can freeze or run out of memory on recursive entity expansion when DTD tokens appear in the XML body.

Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, or Qt 6.5.3. Note that the patch from the previous QXmlStreamReader security advisory must be applied before applying this one.

Patches:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/488960
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/490550 or https://download.qt.io/official_releases/qt/6.5/CVE-2023-38197-qtbase-6.5.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2023-38197-qtbase-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2023-38197-qtbase-5.15.diff
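
The version check implied by the Solution paragraph, as an added example that is not part of the advisory or Qt project code: it classifies a Qt version string against the three fixed releases named above. The function name and status values are hypothetical, and the sample versions are constructed.

```cpp
// Added example, not Qt project code. The thresholds are the fixed releases
// named in this advisory; series it does not name are reported as Unlisted.
#include <iostream>
#include <sstream>
#include <string>

enum class FixStatus { Fixed, NeedsPatchOrUpdate, Unlisted, Malformed };

// Hypothetical helper: classify a Qt version string, e.g. the value that
// qVersion() returns at run time. A packaging suffix after the patch number
// (as in "5.15.10+dfsg") is ignored.
FixStatus cve_2023_38197_status(const std::string &version)
{
    std::istringstream in(version);
    int ver_major = 0, ver_minor = 0, ver_patch = 0;
    char dot1 = 0, dot2 = 0;
    if (!(in >> ver_major >> dot1 >> ver_minor >> dot2 >> ver_patch)
        || dot1 != '.' || dot2 != '.'
        || ver_major < 0 || ver_minor < 0 || ver_patch < 0)
        return FixStatus::Malformed;

    struct FixedRelease { int series_major, series_minor, first_fixed_patch; };
    static const FixedRelease fixed[] = { {5, 15, 15}, {6, 2, 10}, {6, 5, 3} };
    for (const FixedRelease &f : fixed) {
        if (ver_major == f.series_major && ver_minor == f.series_minor)
            return ver_patch >= f.first_fixed_patch
                       ? FixStatus::Fixed
                       : FixStatus::NeedsPatchOrUpdate;
    }
    return FixStatus::Unlisted;
}

const char *to_text(FixStatus s)
{
    switch (s) {
    case FixStatus::Fixed: return "release contains the fix";
    case FixStatus::NeedsPatchOrUpdate: return "apply the diff or update";
    case FixStatus::Unlisted: return "series not named in the advisory";
    case FixStatus::Malformed: break;
    }
    return "unparseable version";
}

int main()
{
    // Constructed sample versions, not taken from the advisory.
    for (const char *v : {"5.15.15", "5.15.10+dfsg", "6.2.9", "6.5.3", "6.4.2", "six"})
        std::cout << v << ": " << to_text(cve_2023_38197_status(v)) << '\n';
}
```

NeedsPatchOrUpdate reflects the version number only: a build that already carries the diff reports the same version, so confirm against the patch set of the build in question.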

