{"id":"MGASA-2014-0263","summary":"Updated qt3 packages fix security vulnerabilities","details":"Updated qt3 packages fix security vulnerabilities:\n\nQXmlSimpleReader in Qt versions prior to 5.2 supports expansion of\ninternal entities in XML documents without placing restrictions to\nensure the document does not cause excessive memory usage. If an\napplication using this API processes untrusted data then the\napplication may use unexpected amounts of memory if a malicious\ndocument is processed (CVE-2013-4549).\n\nA NULL pointer dereference flaw was found in QGIFFormat::fillRect in\nQtGui. If an application using the qt-x11 libraries opened a malicious\nGIF file with invalid width and height values, it could cause the\napplication to crash (CVE-2014-0190)..\n","modified":"2026-04-16T01:46:43.048985435Z","published":"2014-06-18T18:02:44Z","upstream":["CVE-2013-4549","CVE-2014-0190"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0263.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13509"},{"type":"WEB","url":"http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"},{"type":"WEB","url":"http://lists.qt-project.org/pipermail/announce/2014-April/000045.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html"},{"type":"ADVISORY","url":"http://advisories.mageia.org/MGASA-2014-0009.html"},{"type":"ADVISORY","url":"http://advisories.mageia.org/MGASA-2014-0240.html"}],"affected":[{"package":{"name":"qt3","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/qt3?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.8b-32.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0263.json"}},{"package":{"name":"qt3","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/qt3?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.8b-33.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0263.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}