1047443 – calligra: billion laughs DoS attack

Bug 1047443 - calligra: billion laughs DoS attack

Summary: calligra: billion laughs DoS attack

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1046440
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-31 07:02 UTC by Ratul Gupta
Modified:	2021-10-20 10:42 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-10-20 10:42:53 UTC
Embargoed:

Attachments	(Terms of Use)
Test File to reproduce this bug. (2.70 KB, application/x-kspread) 2013-12-31 07:09 UTC, Ratul Gupta	no flags	Details
View All

Description Ratul Gupta 2013-12-31 07:02:45 UTC

A flaw was discovered in the Calligra Sheets of Calligra Suite, where it can be DoS'd via XML entity attack, which can cause the application to consume excessive machine resources and can lead to the crashing of the application.

Comment 2 Ratul Gupta 2013-12-31 07:09:28 UTC

Created attachment 843638 [details]
Test File to reproduce this bug.

This file, when opened in Calligra sheets, leads to hogging of machine resources and ultimately crashes the application.

Source:
http://search.cpan.org/src/DDICK/Spreadsheet-CSV-0.07/t/data/bombs/maindoc.ksp

Comment 5 Tomas Hoger 2014-05-16 09:15:03 UTC

This issue is already public via upstream bug:

https://bugs.kde.org/show_bug.cgi?id=331869

Note You need to log in before you can comment on or make changes to this bug.