CVE-2023-38197
- Source
- https://cve.org/CVERecord?id=CVE-2023-38197
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38197.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-38197
- Downstream
- Related
- Published
- 2023-07-13T02:15:09.677Z
- Modified
- 2026-02-03T07:35:58.350612Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
- References
-
- https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/
- https://codereview.qt-project.org/c/qt/qtbase/+/488960
Affected packages
Git / github.com/qt/qt5
Git / github.com/qt/qtbase
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"source": "https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624",
"target": {
"file": "src/corelib/itemmodels/qitemselectionmodel.cpp",
"function": "QItemSelectionModelPrivate::initModel"
},
"id": "CVE-2023-38197-13167ccd",
"signature_version": "v1",
"digest": {
"function_hash": "38259293548902737777275712752331343392",
"length": 1886.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624",
"target": {
"file": "src/corelib/itemmodels/qitemselectionmodel.cpp"
},
"id": "CVE-2023-38197-33ee196f",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"87361980673766272267219738812171569415",
"205524495854561398802234511811516116091",
"196697108956812034362302347937410944742",
"61748281403189272026466914579964218575",
"86554005527345536180803463393829569588",
"138972697849049708373997816242949305863",
"39658990249987524557285517040476549389",
"91037344694848986727600386580410212812",
"85752268986580132659688941271689316652",
"293640252404270675870626936474950913553",
"184571535668388517638634745445475766913",
"35388671131273319527596436102983390680",
"284303280828705192729204731703242024651",
"316507940730145078340475632468012846228"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624",
"target": {
"file": "src/corelib/itemmodels/qitemselectionmodel.cpp",
"function": "QItemSelectionModelPrivate::disconnectModel"
},
"id": "CVE-2023-38197-67669c6f",
"signature_version": "v1",
"digest": {
"function_hash": "153772929723627036583640333571744381705",
"length": 239.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624",
"target": {
"file": "tests/auto/corelib/itemmodels/qitemselectionmodel/tst_qitemselectionmodel.cpp"
},
"id": "CVE-2023-38197-840f43c8",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"288006492465818663008628430064770650281",
"20574375947787686126921422720784265935",
"168486689155343824614617482142165887338",
"237927361158180293105380322227781034941",
"91048025042654194263877087798053120381",
"231480675520447089506303661913067745474"
]
},
"deprecated": false
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38197.json"