In KDE Frameworks KConfig prior to 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kde kconfig |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |
||
opensuse backports sle 15.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.04 |
||
canonical ubuntu linux 16.04 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |