vulnerability
Oracle Linux: CVE-2023-38197: ELSA-2023-6369: qt5 security and bug fix update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jul 12, 2023 | Nov 16, 2023 | Dec 3, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jul 12, 2023
Added
Nov 16, 2023
Modified
Dec 3, 2025
Description
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions, causes infinite loops in QXmlStreamReader. By persuading a victim to open specially crafted XML content, an attacker can cause a denial of service condition.
A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions, causes infinite loops in QXmlStreamReader. By persuading a victim to open specially crafted XML content, an attacker can cause a denial of service condition.
Solutions
oracle-linux-upgrade-adwaita-qt5oracle-linux-upgrade-libadwaita-qt5oracle-linux-upgrade-python3-pyqt5-siporacle-linux-upgrade-python3-qt5oracle-linux-upgrade-python3-qt5-baseoracle-linux-upgrade-python3-qt5-develoracle-linux-upgrade-python-qt5-rpm-macrosoracle-linux-upgrade-qgnomeplatformoracle-linux-upgrade-qt5oracle-linux-upgrade-qt5-assistantoracle-linux-upgrade-qt5-designeroracle-linux-upgrade-qt5-develoracle-linux-upgrade-qt5-doctoolsoracle-linux-upgrade-qt5-linguistoracle-linux-upgrade-qt5-qdbusvieweroracle-linux-upgrade-qt5-qt3doracle-linux-upgrade-qt5-qt3d-develoracle-linux-upgrade-qt5-qt3d-docoracle-linux-upgrade-qt5-qt3d-examplesoracle-linux-upgrade-qt5-qtbaseoracle-linux-upgrade-qt5-qtbase-commonoracle-linux-upgrade-qt5-qtbase-develoracle-linux-upgrade-qt5-qtbase-docoracle-linux-upgrade-qt5-qtbase-examplesoracle-linux-upgrade-qt5-qtbase-guioracle-linux-upgrade-qt5-qtbase-mysqloracle-linux-upgrade-qt5-qtbase-odbcoracle-linux-upgrade-qt5-qtbase-postgresqloracle-linux-upgrade-qt5-qtbase-private-develoracle-linux-upgrade-qt5-qtbase-staticoracle-linux-upgrade-qt5-qtconnectivityoracle-linux-upgrade-qt5-qtconnectivity-develoracle-linux-upgrade-qt5-qtconnectivity-docoracle-linux-upgrade-qt5-qtconnectivity-examplesoracle-linux-upgrade-qt5-qtdeclarativeoracle-linux-upgrade-qt5-qtdeclarative-develoracle-linux-upgrade-qt5-qtdeclarative-docoracle-linux-upgrade-qt5-qtdeclarative-examplesoracle-linux-upgrade-qt5-qtdeclarative-staticoracle-linux-upgrade-qt5-qtdocoracle-linux-upgrade-qt5-qtgraphicaleffectsoracle-linux-upgrade-qt5-qtgraphicaleffects-docoracle-linux-upgrade-qt5-qtimageformatsoracle-linux-upgrade-qt5-qtimageformats-docoracle-linux-upgrade-qt5-qtlocationoracle-linux-upgrade-qt5-qtlocation-develoracle-linux-upgrade-qt5-qtlocation-docoracle-linux-upgrade-qt5-qtlocation-examplesoracle-linux-upgrade-qt5-qtmultimediaoracle-linux-upgrade-qt5-qtmultimedia-develoracle-linux-upgrade-qt5-qtmultimedia-docoracle-linux-upgrade-qt5-qtmultimedia-examplesoracle-linux-upgrade-qt5-qtquickcontrolsoracle-linux-upgrade-qt5-qtquickcontrols2oracle-linux-upgrade-qt5-qtquickcontrols2-develoracle-linux-upgrade-qt5-qtquickcontrols2-docoracle-linux-upgrade-qt5-qtquickcontrols2-examplesoracle-linux-upgrade-qt5-qtquickcontrols-docoracle-linux-upgrade-qt5-qtquickcontrols-examplesoracle-linux-upgrade-qt5-qtscriptoracle-linux-upgrade-qt5-qtscript-develoracle-linux-upgrade-qt5-qtscript-docoracle-linux-upgrade-qt5-qtscript-examplesoracle-linux-upgrade-qt5-qtsensorsoracle-linux-upgrade-qt5-qtsensors-develoracle-linux-upgrade-qt5-qtsensors-docoracle-linux-upgrade-qt5-qtsensors-examplesoracle-linux-upgrade-qt5-qtserialbusoracle-linux-upgrade-qt5-qtserialbus-develoracle-linux-upgrade-qt5-qtserialbus-docoracle-linux-upgrade-qt5-qtserialbus-examplesoracle-linux-upgrade-qt5-qtserialportoracle-linux-upgrade-qt5-qtserialport-develoracle-linux-upgrade-qt5-qtserialport-docoracle-linux-upgrade-qt5-qtserialport-examplesoracle-linux-upgrade-qt5-qtsvgoracle-linux-upgrade-qt5-qtsvg-develoracle-linux-upgrade-qt5-qtsvg-docoracle-linux-upgrade-qt5-qtsvg-examplesoracle-linux-upgrade-qt5-qttoolsoracle-linux-upgrade-qt5-qttools-commonoracle-linux-upgrade-qt5-qttools-develoracle-linux-upgrade-qt5-qttools-docoracle-linux-upgrade-qt5-qttools-examplesoracle-linux-upgrade-qt5-qttools-libs-designeroracle-linux-upgrade-qt5-qttools-libs-designercomponentsoracle-linux-upgrade-qt5-qttools-libs-helporacle-linux-upgrade-qt5-qttools-staticoracle-linux-upgrade-qt5-qttranslationsoracle-linux-upgrade-qt5-qtwaylandoracle-linux-upgrade-qt5-qtwayland-develoracle-linux-upgrade-qt5-qtwayland-docoracle-linux-upgrade-qt5-qtwayland-examplesoracle-linux-upgrade-qt5-qtwebchanneloracle-linux-upgrade-qt5-qtwebchannel-develoracle-linux-upgrade-qt5-qtwebchannel-docoracle-linux-upgrade-qt5-qtwebchannel-examplesoracle-linux-upgrade-qt5-qtwebsocketsoracle-linux-upgrade-qt5-qtwebsockets-develoracle-linux-upgrade-qt5-qtwebsockets-docoracle-linux-upgrade-qt5-qtwebsockets-examplesoracle-linux-upgrade-qt5-qtx11extrasoracle-linux-upgrade-qt5-qtx11extras-develoracle-linux-upgrade-qt5-qtx11extras-docoracle-linux-upgrade-qt5-qtxmlpatternsoracle-linux-upgrade-qt5-qtxmlpatterns-develoracle-linux-upgrade-qt5-qtxmlpatterns-docoracle-linux-upgrade-qt5-qtxmlpatterns-examplesoracle-linux-upgrade-qt5-rpm-macrosoracle-linux-upgrade-qt5-srpm-macros
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.