CVE-2018-15518

HIGH8.8EPSS 2.3%

qtbase-opensource-src - security update

Published: 12/26/2018Modified: 4/28/2026

Description

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.

Affected packages (5)

Debian/qt4-x11from 0, < 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2
Debian/qt4-x11from 0, < 4:4.8.7+dfsg-11+deb9u1
Debian/qtbase-opensource-srcfrom 0, < 5.11.3+dfsg-2
Debian/qtbase-opensource-srcfrom 0, < 5.3.2+dfsg-4+deb8u3
Debian/qtbase-opensource-srcfrom 0, < 5.7.1+dfsg-3+deb9u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-15518