Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVE-2015-9541

Medium

5/10

Summary

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: PARTIAL

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References

Advisory Timeline

Published Jan 24, 2020

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVE-2015-9541

Summary

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS