The Kleopatra component prior to 3.1.12 (and prior to 20.07.80) for GnuPG allows remote malicious users to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kleopatra project kleopatra |
||
fedoraproject fedora 32 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |