Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-47417

exponential entity expansion attack using svg

    XMLWordPrintable

Details

    • fd4be84d23a0db4186cb42e736a9de3af722c7f7 (qt/qtbase/dev) f432c08882ffebe5074ea28de871559a98a4d094 (qt/qtbase/5.12.8)

    Description

      a svg can be made to contain a xml bomb (https://en.wikipedia.org/wiki/Billion_laughs).
      When Qt tries to parse the svg an out of memory situation may occur. I.e. no detection of reference loops exist.

      Attachments

        1. example.cpp
          1 kB
        2. example1.cpp
          1 kB
        3. main.cpp
          1 kB

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-50748 XMLStreamReader vulnerable to XML 'bomb'

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-82153 Exponential use node instantiation in SVG

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed

          Activity

            People

              laknoll Lars Knoll
              Henga Henga Morry
              Votes:
              3 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: