Security Vulnerabilities in QT modules

[claudiudc]

Hello,
Our security department from our company is constantly scanning for vulnerability the tools that we use.
Unfortunately we got a possible red flag on DIE tool and we will not be able to use it due to following security vulnerabilities present in QT side:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32763

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

Affected modules:
DIE/Qt6Widgets.dll
DIE/Qt6Svg.dll
DIE/Qt6Qml.dll
DIE/Qt6Network.dll
DIE/Qt6Gui.dll
DIE/Qt6Core.dll

Will it be possible to upgrade QT version used by DIE to 6.2.9/6.5.1 or higher or provide a temporary pre-release that is using a new version of qt?

Thank you.

[horsicq]

Hello. Thanks a lot for your bugfeport!
I will release a new version of DiE in 1-2 weeks

[claudiudc]

Thank you so much.