July 18, 2023 by Andy Shaw | Comments
A recently reported issue in QXmlStreamReader has been assigned the CVE id CVE-2023-38197.
QXmlStreamReader can hang or run out of memory on recursive entity expansion when DTD tokens appear in the XML body, so a crafted untrusted document can cause a denial of service in any application that parses it.
Solution: Apply the attached patch or update to Qt 5.15.15, Qt 6.2.10, or Qt 6.5.3. Note that the patch from the previous QXmlStreamReader security advisory must already be applied before applying this one.
Patches:
dev: https://codereview.qt-project.org/c/qt/qtbase/+/488960
Qt 6.5: https://codereview.qt-project.org/c/qt/qtbase/+/490550 or https://download.qt.io/official_releases/qt/6.5/CVE-2023-38197-qtbase-6.5.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2023-38197-qtbase-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2023-38197-qtbase-5.15.diff
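Until the patched release is deployed, the usual mitigation is to screen untrusted XML before it reaches the parser. The following is an added example, not Qt code and not the advisory's patch: it reads the internal DTD subset of a document, walks the entity reference graph, and rejects documents whose entities refer back to themselves (the recursion that makes the parser loop) or whose expansion exceeds a size budget (the "billion laughs" pattern that exhausts memory). The budget MAX_ENTITY_BYTES, the function names and the sample documents are all assumptions constructed for this example; external and parameter entities are outside its scope and are left to the parser.

```python
"""Pre-parse screen for entity-expansion denial of service in untrusted XML.

Added example, not Qt code. It inspects the internal DTD subset before the
document is handed to any XML parser and rejects entity graphs that would
loop forever or expand past a size budget.
"""
import re
from typing import Dict, Tuple

# Hypothetical budget chosen for this example: bytes an entity (or the
# document body) may expand to before the document is rejected.
MAX_ENTITY_BYTES = 1_000_000

_NAME = r'[A-Za-z_:][\w.:-]*'
INTERNAL_SUBSET = re.compile(r'<!DOCTYPE\b[^\[>]*\[(.*?)\]\s*>', re.S)
# Only internal general entities with a literal value; parameter entities
# (<!ENTITY % ...>) and SYSTEM/PUBLIC entities are not matched on purpose.
ENTITY_DECL = re.compile(r'<!ENTITY\s+(' + _NAME + r')\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&(' + _NAME + r');')


class RecursiveEntity(ValueError):
    """An entity refers, directly or indirectly, to itself."""


class ExpansionBomb(ValueError):
    """Fully expanded text exceeds the budget."""


def declared_entities(xml: str) -> Dict[str, str]:
    """Return internal general entity declarations as {name: literal value}."""
    m = INTERNAL_SUBSET.search(xml)
    if not m:
        return {}
    return {name: dq or sq for name, dq, sq in ENTITY_DECL.findall(m.group(1))}


def expansion_sizes(entities: Dict[str, str], limit: int = MAX_ENTITY_BYTES) -> Dict[str, int]:
    """Expanded length of every entity, via DFS over the reference graph.

    A reference back into the current DFS path is a cycle (the case that
    makes a naive expander loop); a size above `limit` is an expansion bomb.
    """
    sizes: Dict[str, int] = {}
    on_path: set = set()

    def size_of(name: str) -> int:
        if name in sizes:
            return sizes[name]
        if name in on_path:
            raise RecursiveEntity(name)
        on_path.add(name)
        value = entities[name]
        total = len(ENTITY_REF.sub('', value))  # literal text in the value
        for ref in ENTITY_REF.findall(value):
            # Undeclared names are left to the real parser; predefined
            # entities such as &amp; expand to a single character.
            total += size_of(ref) if ref in entities else 1
            if total > limit:
                raise ExpansionBomb(f'{name} expands to more than {limit} bytes')
        on_path.discard(name)
        sizes[name] = total
        return total

    for name in entities:
        size_of(name)
    return sizes


def screen(xml: str, limit: int = MAX_ENTITY_BYTES) -> Tuple[str, int]:
    """Classify a document as 'ok', 'recursive-entity' or 'entity-expansion-bomb'.

    The second element is the number of bytes the body's references expand
    to (0 when the document is rejected while sizing the entities).
    """
    entities = declared_entities(xml)
    try:
        sizes = expansion_sizes(entities, limit)
    except RecursiveEntity:
        return 'recursive-entity', 0
    except ExpansionBomb:
        return 'entity-expansion-bomb', 0
    body = INTERNAL_SUBSET.sub('', xml, count=1)
    body_bytes = sum(sizes.get(ref, 1) for ref in ENTITY_REF.findall(body))
    if body_bytes > limit:
        return 'entity-expansion-bomb', body_bytes
    return 'ok', body_bytes


# Constructed sample documents for this example (not from the advisory).
BENIGN = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY who "Qt">]><r>&who; 6.5</r>'
RECURSIVE = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "&b;"><!ENTITY b "&a;">]><r>&a;</r>'


def billion_laughs(depth: int = 9, fanout: int = 10) -> str:
    """Build the classic exponential chain: lolN is `fanout` copies of lolN-1."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, depth + 1):
        refs = f'&lol{i - 1};' * fanout
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    subset = ''.join(decls)
    return f'<?xml version="1.0"?><!DOCTYPE r [{subset}]><r>&lol{depth};</r>'


if __name__ == '__main__':
    for label, doc in [('benign', BENIGN), ('recursive', RECURSIVE), ('bomb', billion_laughs())]:
        print(label, screen(doc))
```

The screen is deliberately conservative: it counts expansion size without building the expanded text, so the check itself runs in time proportional to the number of declarations, and a document is rejected as soon as any single entity crosses the budget rather than after the whole chain has been evaluated. It is a stop-gap for untrusted input, not a replacement for upgrading to a fixed Qt release.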
Download the latest release here: www.qt.io/download.
Qt 6.5 is the latest Long-Term-Support release with all you need for C++ cross-platform app development.