Exponential XML Entity Expansion Attack in Qt through 5.14 via Crafted SVG Document

Exponential XML Entity Expansion Attack in Qt through 5.14 via Crafted SVG Document

CVE-2015-9541 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

Learn more about our Web Application Penetration Testing UK.