encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

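
The cost of the copy-then-replace-inline pattern described above can be measured directly. The following is an added illustration using `std::string`, not Qt's `encodeText` source or its fix; `entityFor`, `escapeInPlace` and `escapeAppend` are hypothetical names, and the single-pass version is one assumed way to avoid the relocation cost.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper: XML entity for a character, or nullptr if none is needed.
static const char *entityFor(char c) {
    switch (c) {
    case '<': return "&lt;";
    case '>': return "&gt;";
    case '&': return "&amp;";
    default:  return nullptr;
    }
}

// Pattern from the description: copy the string, then replace parts in place.
// Each replacement relocates all later data, so k replacements in n bytes cost O(n * k).
std::string escapeInPlace(const std::string &in, std::size_t *relocated) {
    std::string s = in;
    *relocated = 0;
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (const char *e = entityFor(s[i])) {
            const std::string ent(e);
            *relocated += s.size() - (i + 1);  // tail bytes that replace() must shift
            s.replace(i, 1, ent);
            i += ent.size() - 1;               // skip the entity just written
        }
    }
    return s;
}

// Linear alternative (assumed, not Qt's patch): one pass, append to a separate buffer.
std::string escapeAppend(const std::string &in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        if (const char *e = entityFor(c)) out += e;
        else out += c;
    }
    return out;
}

int main() {
    const std::string sample(1000, '<');  // constructed sample input
    std::size_t moved = 0;
    escapeInPlace(sample, &moved);
    std::cout << "bytes relocated in place: " << moved << "\n";
    return 0;
}
```

Both functions produce identical output; only the in-place version's relocated-byte count grows quadratically with the number of characters that need escaping.
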
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qt | Qt | * | 5.15.19 (excluding) |
| Qt | Qt | 6.0.0 (including) | 6.5.9 (excluding) |
| Qt | Qt | 6.6.0 (including) | 6.8.0 (excluding) |
| Qt6-base | Ubuntu | oracular | * |
| Qt6-base | Ubuntu | upstream | * |
| Qtbase-opensource-src | Ubuntu | devel | * |
| Qtbase-opensource-src | Ubuntu | esm-apps/focal | * |
| Qtbase-opensource-src | Ubuntu | esm-apps/jammy | * |
| Qtbase-opensource-src | Ubuntu | esm-apps/noble | * |
| Qtbase-opensource-src | Ubuntu | esm-infra/bionic | * |
| Qtbase-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtbase-opensource-src | Ubuntu | focal | * |
| Qtbase-opensource-src | Ubuntu | jammy | * |
| Qtbase-opensource-src | Ubuntu | noble | * |
| Qtbase-opensource-src | Ubuntu | oracular | * |
| Qtbase-opensource-src | Ubuntu | plucky | * |
| Qtbase-opensource-src | Ubuntu | questing | * |
| Qtbase-opensource-src-gles | Ubuntu | focal | * |
| Qtbase-opensource-src-gles | Ubuntu | oracular | * |