Vulnerabilities > CVE-2015-9541 - XML Entity Expansion vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
qt
fedoraproject
CWE-776
nessus

Summary

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1323.NASL
    descriptionAccording to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.(CVE-2015-9541) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-03-23
    plugin id134814
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134814
    titleEulerOS 2.0 SP5 : qt (EulerOS-SA-2020-1323)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-3069E44BE5.NASL
    descriptionSecurity fix for CVE-2015-9541 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-04-27
    plugin id135990
    published2020-04-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135990
    titleFedora 31 : qt5-qtbase (2020-3069e44be5)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1299.NASL
    descriptionAccording to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.(CVE-2015-9541) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-03-23
    plugin id134791
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134791
    titleEulerOS 2.0 SP8 : qt (EulerOS-SA-2020-1299)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1431.NASL
    descriptionAccording to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.(CVE-2015-9541) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-04-15
    plugin id135560
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135560
    titleEulerOS 2.0 SP3 : qt (EulerOS-SA-2020-1431)