QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in Qt 5.11. A malformed PPM     image causes a division by zero and a crash in     qppmhandler.cpp.(CVE-2018-19872)

  - An issue was discovered in Qt before 5.11.3. There is     QTgaFile Uncontrolled Resource     Consumption.(CVE-2018-19871)

  - Multiple buffer overflows in gui/image/qbmphandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault and crash) and possibly     execute arbitrary code via a crafted BMP     image.(CVE-2015-1858)

  - Multiple buffer overflows in gui/image/qgifhandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault) and possibly execute     arbitrary code via a crafted GIF image.(CVE-2015-1860)

  - Multiple buffer overflows in     plugins/imageformats/ico/qicohandler.cpp in the QtBase     module in Qt before 4.8.7 and 5.x before 5.4.2 allow     remote attackers to cause a denial of service     (segmentation fault and crash) and possibly execute     arbitrary code via a crafted ICO image.(CVE-2015-1859)

  - QXmlSimpleReader in Qt before 5.2 allows     context-dependent attackers to cause a denial of     service (memory consumption) via an XML Entity     Expansion (XEE) attack.(CVE-2013-4549)

  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or     corruption during parsing of a specially crafted     illegal XML document.(CVE-2018-15518)

  - The BMP decoder in QtGui in QT before 5.5 does not     properly calculate the masks used to extract the color     components, which allows remote attackers to cause a     denial of service (divide-by-zero and crash) via a     crafted BMP file.(CVE-2015-0295)

  - The GIF decoder in QtGui in Qt before 5.3 allows remote     attackers to cause a denial of service (NULL pointer     dereference) via invalid width and height values in a     GIF image.(CVE-2014-0190)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - QXmlSimpleReader in Qt before 5.2 allows     context-dependent attackers to cause a denial of     service (memory consumption) via an XML Entity     Expansion (XEE) attack.(CVE-2013-4549)

  - An issue was discovered in Qt before 5.11.3. There is     QTgaFile Uncontrolled Resource     Consumption.(CVE-2018-19871)

  - QXmlStream in Qt 5.x before 5.11.3 has a double-free or     corruption during parsing of a specially crafted     illegal XML document.(CVE-2018-15518)

  - An issue was discovered in Qt 5.11. A malformed PPM     image causes a division by zero and a crash in     qppmhandler.cpp.(CVE-2018-19872)

  - Multiple buffer overflows in gui/image/qbmphandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault and crash) and possibly     execute arbitrary code via a crafted BMP     image.(CVE-2015-1858)

  - Multiple buffer overflows in     plugins/imageformats/ico/qicohandler.cpp in the QtBase     module in Qt before 4.8.7 and 5.x before 5.4.2 allow     remote attackers to cause a denial of service     (segmentation fault and crash) and possibly execute     arbitrary code via a crafted ICO image.(CVE-2015-1859)

  - Multiple buffer overflows in gui/image/qgifhandler.cpp     in the QtBase module in Qt before 4.8.7 and 5.x before     5.4.2 allow remote attackers to cause a denial of     service (segmentation fault) and possibly execute     arbitrary code via a crafted GIF image.(CVE-2015-1860)

  - The BMP decoder in QtGui in QT before 5.5 does not     properly calculate the masks used to extract the color     components, which allows remote attackers to cause a     denial of service (divide-by-zero and crash) via a     crafted BMP file.(CVE-2015-0295)

  - The GIF decoder in QtGui in Qt before 5.3 allows remote     attackers to cause a denial of service (NULL pointer     dereference) via invalid width and height values in a     GIF image.(CVE-2014-0190)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. (The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing real-world XML files. Unfortunately, that is too much to actually fit on the CPU stack. This fix decreases the limit to 4096.)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. (The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing real-world XML files. Unfortunately, that is too much to actually fit on the CPU stack. This fix decreases the limit to 4096.)

It also fixes the QMySql driver to work with the version of MariaDB in Fedora 27.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- added patches :

  - disallow-deep-or-widely-nested-entity-references.patch:
    upstream fix for bnc#856832 and CVE-2013-4549: xml     entity expansion attacks

- Fixes XML Entity Expansion Denial of Service     (bnc#856832, CVE-2013-4549)

  - add backported patch     libqt4-disallow-deep-or-widely-nested-entity-references.
    patch

  - add backported patch     libqt4-fully-expand-all-entities.patch

Richard J. Moore reports :

QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed.

It is possible to construct XML documents using internal entities that consume large amounts of memory and other resources to process, this is known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection against this issue.

New upstream stable bugfix release, as well as a fix for :

  - DoS vulnerability in the GIF image handler (QTBUG-38367)     See also     http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-releas     ed/

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201403-04 (QtCore: Denial of Service)

    A vulnerability in QXmlSimpleReader&rsquo;s XML entity parsing has been       discovered.
  Impact :

    A remote attacker could entice a user to open a specially crafted XML       file using an application linked against QtCore, possibly resulting in       Denial of Service.
  Workaround :

    There is no known workaround at this time.

The Qt library was updated to fix a XML entity expansion attack (XXE).
(CVE-2013-4549)

This update fixes CVE-2013-4549 (XML Entity Expansion Denial of Service) in Qt 3. See the Qt Project Security Advisory for details:
http://lists.qt-project.org/pipermail/announce/2013-December/000036.ht ml

In addition, this update fixes :

  - QTBUG-35459, a too low character limit for XML entities     enforced by the fix for CVE-2013-4549 that was breaking     real-world XML files (in particular, the KatePart     Lilypond syntax highlighting description),

    - QTBUG-35460, a misspelling in the error message       produced by the CVE-2013-4549 fix when the character       limit for XML entities was exceeded,

    - some minor format string abuse that was probably not       exploitable (most instances definitely weren't).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
132191	EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-2656)	Nessus	Huawei Local Security Checks	high
131873	EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)	Nessus	Huawei Local Security Checks	high
120254	Fedora 28 : qt3 (2018-17843a895b)	Nessus	Fedora Local Security Checks	medium
110425	Fedora 27 : qt3 (2018-0a0da2f3b7)	Nessus	Fedora Local Security Checks	medium
75412	openSUSE Security Update : libqt5-qtbase (openSUSE-SU-2014:0173-1)	Nessus	SuSE Local Security Checks	medium
75405	openSUSE Security Update : libqt4 (openSUSE-SU-2014:0125-1)	Nessus	SuSE Local Security Checks	medium
75390	openSUSE Security Update : libqt4 (openSUSE-SU-2014:0070-1)	Nessus	SuSE Local Security Checks	medium
75369	openSUSE Security Update : libqt4 (openSUSE-SU-2014:0067-1)	Nessus	SuSE Local Security Checks	medium
73881	FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)	Nessus	FreeBSD Local Security Checks	medium
73817	Fedora 20 : qt-4.8.6-2.fc20 (2014-5695)	Nessus	Fedora Local Security Checks	medium
72997	GLSA-201403-04 : QtCore: Denial of Service	Nessus	Gentoo Local Security Checks	medium
72615	SuSE 11.3 Security Update : libQt (SAT Patch Number 8907)	Nessus	SuSE Local Security Checks	medium
72111	Fedora 19 : qt3-3.3.8b-56.fc19 (2013-22883)	Nessus	Fedora Local Security Checks	medium
72110	Fedora 20 : qt3-3.3.8b-56.fc20 (2013-22847)	Nessus	Fedora Local Security Checks	medium
71518	Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2013-4549

high

Tenable Plugins

high

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium