CVE 2013-4549
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
Related bugs and status
CVE-2013-4549 (Candidate) is related to these bugs:
Bug #1157213: Port appmenu support to Qt5 QPA
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1157213 | Port appmenu support to Qt5 QPA | qtbase-opensource-src (Ubuntu) | High | Fix Released | ||
| 1157213 | Port appmenu support to Qt5 QPA | appmenu-qt | High | Won't Fix | ||
| 1157213 | Port appmenu support to Qt5 QPA | appmenu-qt5 | High | Fix Released | ||
Bug #1217331: ui-toolkit fails some tests against Qt 5.1.1
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1217331 | ui-toolkit fails some tests against Qt 5.1.1 | Ubuntu UI Toolkit | High | Fix Released | ||
| 1217331 | ui-toolkit fails some tests against Qt 5.1.1 | qtbase-opensource-src (Ubuntu) | High | Fix Released | ||
| 1217331 | ui-toolkit fails some tests against Qt 5.1.1 | qtdeclarative-opensource-src (Ubuntu) | High | Fix Released | ||
Bug #1222988: Shell crashes when closing apps with Qt 5.1.1
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1222988 | Shell crashes when closing apps with Qt 5.1.1 | unity8 (Ubuntu) | Critical | Invalid | ||
| 1222988 | Shell crashes when closing apps with Qt 5.1.1 | qtbase-opensource-src (Ubuntu) | Critical | Fix Released | ||
Bug #1223032: Shell crashes when swiping the greeter with Qt 5.1.1
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1223032 | Shell crashes when swiping the greeter with Qt 5.1.1 | qtbase-opensource-src (Ubuntu) | Critical | Fix Released | ||
| 1223032 | Shell crashes when swiping the greeter with Qt 5.1.1 | unity8 (Ubuntu) | Critical | Invalid | ||
Bug #1223042: Camera crashes when taking pictures with qt5.1.1
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1223042 | Camera crashes when taking pictures with qt5.1.1 | camera-app (Ubuntu) | High | Fix Released | ||
| 1223042 | Camera crashes when taking pictures with qt5.1.1 | qtbase-opensource-src (Ubuntu) | Undecided | Fix Released | ||
Bug #1242630: Remove fix_rowinserted.patch from local patches
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1242630 | Remove fix_rowinserted.patch from local patches | qtbase-opensource-src (Ubuntu) | Undecided | Fix Released | ||
Bug #1243239: Hidden windows of Qt 5 applications are visible
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1243239 | Hidden windows of Qt 5 applications are visible | qtbase-opensource-src (Ubuntu) | Undecided | Fix Released | ||
Bug #1251262: Qt5 windows may be randomly unmapped due to assumption sizeof(long)==4
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1251262 | Qt5 windows may be randomly unmapped due to assumption sizeof(long)==4 | qtbase-opensource-src (Ubuntu) | Undecided | Fix Released | ||
Bug #1253120: Enable build of egl on desktop gl in Qt 5.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1253120 | Enable build of egl on desktop gl in Qt 5.2 | qtbase-opensource-src (Ubuntu) | Undecided | Fix Released | ||
Bug #1256341: Incorrect timezone displayed in System Settings
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1256341 | Incorrect timezone displayed in System Settings | ubuntu-system-settings (Ubuntu) | Undecided | Invalid | ||
| 1256341 | Incorrect timezone displayed in System Settings | qtbase-opensource-src (Ubuntu) | Medium | Fix Released | ||
Bug #1259577: Security: XML Entity Expansion Denial of Service
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1259577 | Security: XML Entity Expansion Denial of Service | qt4-x11 (Ubuntu) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qtbase-opensource-src (Ubuntu) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qt4-x11 (Ubuntu Precise) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qt4-x11 (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qt4-x11 (Ubuntu Trusty) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qtbase-opensource-src (Ubuntu Trusty) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qt4-x11 (Ubuntu Saucy) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qtbase-opensource-src (Ubuntu Saucy) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qt4-x11 (Ubuntu Raring) | Undecided | Fix Released | ||
| 1259577 | Security: XML Entity Expansion Denial of Service | qtbase-opensource-src (Ubuntu Raring) | Undecided | Fix Released | ||
Bug #1271036: libhud-qt segfault when building on amd64 against Qt 5.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1271036 | libhud-qt segfault when building on amd64 against Qt 5.2 | libhud Qt | Critical | Invalid | ||
| 1271036 | libhud-qt segfault when building on amd64 against Qt 5.2 | qtbase-opensource-src (Ubuntu) | Critical | Fix Released | ||
Bug #1288278: Backport Conditional jump or move depends on uninitialised value(s) fix
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1288278 | Backport Conditional jump or move depends on uninitialised value(s) fix | qtbase-opensource-src (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
