The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
CVSS Score
5.0
EPSS Score
0.026
Published
2015-03-25
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
CVSS Score
5.0
EPSS Score
0.052
Published
2013-12-23