UBUNTU-CVE-2013-4549

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2013-4549
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-4549.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-4549
Upstream
Related
  • USN-2057-1
Published
2013-12-05T00:00:00Z
Modified
2025-09-08T16:43:04Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.

References

Affected packages

Ubuntu:14.04:LTS / qt4-x11

Package

Name
qt4-x11
Purl
pkg:deb/ubuntu/qt4-x11@4:4.8.4+dfsg-0ubuntu20?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:4.8.4+dfsg-0ubuntu20

Affected versions

4:4.*

4:4.8.4+dfsg-0ubuntu18
4:4.8.4+dfsg-0ubuntu19

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-assistant"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-core"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-dbus"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-declarative"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-declarative-folderlistmodel"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-declarative-gestures"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-declarative-particles"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-declarative-shaders"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-designer"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-dev"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-dev-bin"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-gui"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-help"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-network"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-opengl"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-opengl-dev"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-private-dev"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-qt3support"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-script"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-scripttools"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-sql"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-sql-mysql"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-sql-odbc"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-sql-psql"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-sql-sqlite"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-sql-tds"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-svg"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-test"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-webkit"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-xml"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqt4-xmlpatterns"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqtcore4"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "libqtgui4"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qdbus"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-default"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-demos"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-designer"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-dev-tools"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-doc-html"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-linguist-tools"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-qmake"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-qmlviewer"
        },
        {
            "binary_version": "4:4.8.4+dfsg-0ubuntu20",
            "binary_name": "qt4-qtconfig"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:14.04:LTS / qtbase-opensource-src

Package

Name
qtbase-opensource-src
Purl
pkg:deb/ubuntu/qtbase-opensource-src@5.0.2+dfsg1-7ubuntu13?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.2+dfsg1-7ubuntu13

Affected versions

5.*

5.0.2+dfsg1-7ubuntu11
5.0.2+dfsg1-7ubuntu12

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5concurrent5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5core5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5dbus5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5gui5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5network5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5opengl5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5opengl5-dev"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5printsupport5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5sql5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5sql5-mysql"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5sql5-odbc"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5sql5-psql"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5sql5-sqlite"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5sql5-tds"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5test5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5widgets5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "libqt5xml5"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "qt5-default"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "qt5-qmake"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "qtbase5-dev"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "qtbase5-dev-tools"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "qtbase5-doc-html"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "qtbase5-examples"
        },
        {
            "binary_version": "5.0.2+dfsg1-7ubuntu13",
            "binary_name": "qtbase5-private-dev"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:Pro:14.04:LTS / phantomjs

Package

Name
phantomjs
Purl
pkg:deb/ubuntu/phantomjs@1.9.0-1ubuntu0.1~esm1?arch=source&distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-1ubuntu0.1~esm1

Affected versions

1.*

1.9.0-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1.9.0-1ubuntu0.1~esm1",
            "binary_name": "phantomjs"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}