Back to search
CVE-2019-14744
Published: Aug 7, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20190808 [slackware-security] kdelibs (SSA:2019-220-01)
mailing-list
x_refsource_BUGTRAQ
DSA-4494
vendor-advisory
x_refsource_DEBIAN
20190812 [SECURITY] [DSA 4494-1] kconfig security update
mailing-list
x_refsource_BUGTRAQ
FEDORA-2019-48b691092f
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2019:1851
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1855
vendor-advisory
x_refsource_SUSE
FEDORA-2019-a746ac9c89
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2019:1898
vendor-advisory
x_refsource_SUSE
GLSA-201908-07
vendor-advisory
x_refsource_GENTOO
[debian-lts-announce] 20190818 [SECURITY] [DLA 1890-1] kde4libs security update
mailing-list
x_refsource_MLIST
FEDORA-2019-f9f78895c3
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-9f2ee52c88
vendor-advisory
x_refsource_FEDORA
USN-4100-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2019-39d23c7a94
vendor-advisory
x_refsource_FEDORA
RHSA-2019:2606
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now