Fluid Attacks Database

Description

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	qtbase-opensource-src	>=0 <5.11.3+dfsg-2	5.11.3+dfsg-2
debian 11	qtbase-opensource-src	>=0 <5.11.3+dfsg-2	5.11.3+dfsg-2
debian 12	qtbase-opensource-src	>=0 <5.11.3+dfsg-2	5.11.3+dfsg-2
debian 13	qtbase-opensource-src	>=0 <5.11.3+dfsg-2	5.11.3+dfsg-2
rpm rhel7	qt5-qtbase	<0:5.9.7-2.el7	0:5.9.7-2.el7
rpm rhel7	qt5-qtserialbus	<0:5.9.7-1.el7	0:5.9.7-1.el7
rpm rhel7	qt5-qtxmlpatterns	<0:5.9.7-1.el7	0:5.9.7-1.el7
rpm rhel7	qt5-qtgraphicaleffects	<0:5.9.7-1.el7	0:5.9.7-1.el7
rpm rhel8	qt5-qttools	<0:5.11.1-9.el8	0:5.11.1-9.el8
rpm rhel7	qt5-qt3d	<0:5.9.7-1.el7	0:5.9.7-1.el7

1-10 of 31

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.