{"id":"CVE-2023-38197","details":"An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.","modified":"2026-03-20T12:29:20.380556Z","published":"2023-07-13T02:15:09.677Z","related":["ALSA-2023:6369","ALSA-2023:6967","SUSE-SU-2023:2971-1","SUSE-SU-2023:2982-1","SUSE-SU-2023:3018-1","SUSE-SU-2023:3207-1","SUSE-SU-2023:3225-1","SUSE-SU-2023:3380-1","SUSE-SU-2023:4622-1","SUSE-SU-2025:02968-1","openSUSE-SU-2024:13079-1","openSUSE-SU-2024:13377-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5C3NYVJ73ITE6HUOVVHBUAGORVEJRHO/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEGQ6DFTL2BEJMHCD5FJGI6XLWQI7UEA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFZORZYCMUZZFIOEZICJ7VH2BZIGY3HV/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00027.html"},{"type":"FIX","url":"https://codereview.qt-project.org/c/qt/qtbase/+/488960"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qt/qtbase","events":[{"introduced":"0"},{"fixed":"ca725ad9c5331a657c328bf624f2b0b713623276"},{"introduced":"fc9cda5f08ac848e88f63dd4a07c08b2fbc6bf17"},{"fixed":"017d80e12fa50c50fa6751a039d3a7c9e799f34c"},{"introduced":"9554d315aa74eaba1726405ee09117e2ebc6111f"},{"fixed":"372eaedc5b8c771c46acc4c96e91bbade4ca3624"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.15.15"},{"introduced":"6.0.0"},{"fixed":"6.2.10"},{"introduced":"6.3.0"},{"fixed":"6.5.3"}]}}],"database_specific":{"vanir_signatures":[{"id":"CVE-2023-38197-13167ccd","deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624","digest":{"function_hash":"38259293548902737777275712752331343392","length":1886},"signature_type":"Function","target":{"function":"QItemSelectionModelPrivate::initModel","file":"src/corelib/itemmodels/qitemselectionmodel.cpp"}},{"id":"CVE-2023-38197-33ee196f","deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624","digest":{"threshold":0.9,"line_hashes":["87361980673766272267219738812171569415","205524495854561398802234511811516116091","196697108956812034362302347937410944742","61748281403189272026466914579964218575","86554005527345536180803463393829569588","138972697849049708373997816242949305863","39658990249987524557285517040476549389","91037344694848986727600386580410212812","85752268986580132659688941271689316652","293640252404270675870626936474950913553","184571535668388517638634745445475766913","35388671131273319527596436102983390680","284303280828705192729204731703242024651","316507940730145078340475632468012846228"]},"signature_type":"Line","target":{"file":"src/corelib/itemmodels/qitemselectionmodel.cpp"}},{"id":"CVE-2023-38197-67669c6f","deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624","digest":{"function_hash":"153772929723627036583640333571744381705","length":239},"signature_type":"Function","target":{"function":"QItemSelectionModelPrivate::disconnectModel","file":"src/corelib/itemmodels/qitemselectionmodel.cpp"}},{"id":"CVE-2023-38197-840f43c8","deprecated":false,"signature_version":"v1","source":"https://github.com/qt/qtbase/commit/372eaedc5b8c771c46acc4c96e91bbade4ca3624","digest":{"threshold":0.9,"line_hashes":["288006492465818663008628430064770650281","20574375947787686126921422720784265935","168486689155343824614617482142165887338","237927361158180293105380322227781034941","91048025042654194263877087798053120381","231480675520447089506303661913067745474"]},"signature_type":"Line","target":{"file":"tests/auto/corelib/itemmodels/qitemselectionmodel/tst_qitemselectionmodel.cpp"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}