A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE id CVE-2023-37369. When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash.

https://www.qt.io/blog/security-advisory-qxmlstreamreader (fixed in qtbase-6.5.2)
Created mingw-qt5-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2232357]

Created mingw-qt6-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2232358]

Created qt5-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2232359]

Created qt6-qtbase tracking bugs for this issue:
Affects: fedora-all [bug 2232360]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:6369 https://access.redhat.com/errata/RHSA-2023:6369
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:6967 https://access.redhat.com/errata/RHSA-2023:6967