NOTICE

Some features on this website won't work without JavaScript such as theme toggle, search bar, and copy article.

KDE Frameworks Command Execution

HIGH CVE-2019-14744 August 7, 2019

Dominik Penner @zer0pwn

DESCRIPTION

A critical vulnerability in KDE Frameworks allows arbitrary command execution through malicious desktop files.

DETAILS

A vulnerability in KDE Frameworks allows arbitrary command execution through specially crafted .desktop files. This could allow an attacker to execute arbitrary commands with the privileges of the user running the KDE desktop environment.

AFFECTING

KDE Frameworks • ≤ 5.1.60

REFERENCES

https://kde.org/security/advisory/kde-sa-2019-14744/