Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2013-4549

Published: 23/12/2013 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Qt

Vulnerability Summary

QXmlSimpleReader in Qt prior to 5.2 allows context-dependent malicious users to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

digia qt

qt qt 5.0.2

Vendor Advisories

Debian CVElist Bug Report Logs: libqt4-xml: vulnerable to billion laughs attack (CVE-2013-4549)
Debian Bug report logs - #750141 libqt4-xml: vulnerable to billion laughs attack (CVE-2013-4549) Package: libqt4-xml; Maintainer for libqt4-xml is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Source for libqt4-xml is src:qt4-x11 (PTS, buildd, popcon) Reported by: Hamish Moffatt <hamish@debianorg> Date ...
Ubuntu Security Notice: qt4-x11, qtbase-opensource-src vulnerability
Qt could be made to consume resources and hang if it processed XML data ...
Red Hat: CVE-2013-4549
QXmlSimpleReader in Qt before 52 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack ...

References

CWE-20http://secunia.com/advisories/56166http://lists.qt-project.org/pipermail/announce/2013-December/000036.htmlhttp://www.ubuntu.com/usn/USN-2057-1http://secunia.com/advisories/56008http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00047.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00104.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00085.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00106.htmlhttp://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.htmlhttps://codereview.qt-project.org/#change%2C71010https://codereview.qt-project.org/#change%2C71368https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750141https://usn.ubuntu.com/2057-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-4549
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2024-34909CVE-2024-3317SSTICVE-2024-3400CVE-2024-30051wirelessCVE-2024-4622CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook