A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service.
Package | dev-qt/qtbase on all architectures |
---|---|
Affected versions | < 6.5.2 |
Unaffected versions | >= 6.5.2 |

Package | dev-qt/qtcore on all architectures |
---|---|
Affected versions | < 5.15.10-r1 |
Unaffected versions | >= 5.15.10-r1 |
Qt is a cross-platform application development framework.
When given specifically crafted data, QXmlStreamReader can cause a buffer overflow and subsequently a crash or freeze, or run out of memory on recursive entity expansion, with DTD tokens in the XML body.
Please review the referenced CVE identifiers for details.
There is no known workaround at this time.
All Qt users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtcore-5.15.10-r1"
# emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.5.2"
```
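Added example, not part of the advisory: a POSIX shell check that flags installed package atoms older than the fixed versions listed above. It assumes one `category/name-version` atom per line and a simplified version comparison (dotted numbers plus an optional `-rN` revision); the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed Qt packages below this advisory's fixed versions.
# Simplified compare: dotted numbers plus optional -rN; missing component = 0.

split_rev() {   # "5.15.10-r1" -> "5.15.10 1"; without a revision -> "... 0"
    case "$1" in
        *-r[0-9]*) printf '%s %s\n' "${1%-r*}" "${1##*-r}" ;;
        *)         printf '%s 0\n' "$1" ;;
    esac
}

ver_lt() {      # succeeds when version $1 is older than version $2
    set -- $(split_rev "$1") $(split_rev "$2")
    a=$1 ra=$2 b=$3 rb=$4
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    [ "$ra" -lt "$rb" ]     # equal base versions: the revision decides
}

glsa_affected() {   # $1 = category/name-version; succeeds when affected
    pv=$1 rev=
    case "$pv" in *-r[0-9]*) rev=-r${pv##*-r}; pv=${pv%-r*} ;; esac
    pkg=${pv%-*} ver=${pv##*-}$rev
    case "$pkg" in
        dev-qt/qtbase) fixed=6.5.2 ;;         # thresholds from the advisory
        dev-qt/qtcore) fixed=5.15.10-r1 ;;
        *) return 1 ;;                        # package not covered here
    esac
    ver_lt "$ver" "$fixed"
}

report_affected() { # reads atoms on stdin, prints the affected ones
    while read -r atom; do
        if glsa_affected "$atom"; then printf '%s\n' "$atom"; fi
    done
}

sample_installed() {    # constructed sample, not from a real system
    printf '%s\n' dev-qt/qtcore-5.15.9 dev-qt/qtcore-5.15.10 \
        dev-qt/qtcore-5.15.10-r1 dev-qt/qtbase-6.5.1 dev-qt/qtbase-6.5.2 \
        dev-qt/qtbase-6.10.0 app-misc/example-1.0
}

sample_installed | report_affected
```

On a Gentoo system the input can come from a tool that lists installed atoms with versions, such as `qlist -Iv` from portage-utils, piped into `report_affected`.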
Release date
January 23, 2025
Latest revision
January 23, 2025: 1
Severity
normal
Exploitable
local
Bugzilla entries