Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. References: https://bugreports.qt.io/browse/QTBUG-47417
Created qt5 tracking bugs for this issue: Affects: fedora-all [bug 1801370]
Upstream fix: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2015-9541
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4690 https://access.redhat.com/errata/RHSA-2020:4690