MGASA-2014-0263

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0263.html

Import Source

https://advisories.mageia.org/MGASA-2014-0263.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0263

Related

Published

2014-06-18T18:02:44Z

Modified

2014-06-18T18:02:39Z

Summary

Updated qt3 packages fix security vulnerabilities

Details

Updated qt3 packages fix security vulnerabilities:

QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed (CVE-2013-4549).

A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash (CVE-2014-0190)..

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / qt3

Package

Name: qt3
Purl: pkg:rpm/mageia/qt3?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.8b-33.2.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / qt3

Package

Name: qt3
Purl: pkg:rpm/mageia/qt3?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.8b-32.1.mga3

Ecosystem specific

{
    "section": "core"
}