QtCore: Denial of Service
Gentoo Linux Security Advisory
||GLSA 201403-04 / qt-core
||March 13, 2014
||March 13, 2014: 1
All supported architectures
A vulnerability in QXmlSimpleReader class can be used to cause a
Denial of Service condition.
The Qt toolkit is a comprehensive C++ application development framework.
A vulnerability in QXmlSimpleReader’s XML entity parsing has been
A remote attacker could entice a user to open a specially crafted XML
file using an application linked against QtCore, possibly resulting in
Denial of Service.
There is no known workaround at this time.
All QtCore users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.5-r1"
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying these packages.