A vulnerability in the QXmlStream component of Trolltech Qt could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to improper parsing of XML documents by QXmlStream component of the affected software. An attacker could exploit this vulnerability by persuading a user to access an XML document that submits malicious input to the targeted system. A successful exploit could trigger a double-free or memory corruption condition that the attacker could use to execute arbitrary code or cause a DoS condition.
Trolltech has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium