CVE-2019-14744
Description
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.309
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.16-0ubuntu3.3_i386.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.16-0ubuntu3.3_amd64.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu3.1_i386.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu3.1_amd64.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu6.1_i386.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkdecore5_4.14.38-0ubuntu6.1_amd64.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.18.0-0ubuntu1.1_i386.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.18.0-0ubuntu1.1_amd64.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.44.0-0ubuntu1.1_i386.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.44.0-0ubuntu1.1_amd64.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.56.0-0ubuntu1.1_i386.deb | Linux |
| configuration settings framework for Qt (USN-4100-1) libkf5configcore5_5.56.0-0ubuntu1.1_amd64.deb | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-4.14.8-11.el7_7.i686.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-4.14.8-11.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-apidocs-4.14.8-11.el7_7.noarch.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-common-4.14.8-11.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-devel-4.14.8-11.el7_7.i686.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-devel-4.14.8-11.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-ktexteditor-4.14.8-11.el7_7.i686.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kdelibs-ktexteditor-4.14.8-11.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kde-settings-19-23.10.el7_7.noarch.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kde-settings-ksplash-19-23.10.el7_7.noarch.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kde-settings-minimal-19-23.10.el7_7.noarch.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kde-settings-plasma-19-23.10.el7_7.noarch.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update kde-settings-pulseaudio-19-23.10.el7_7.noarch.rpm | Linux |
| (RHSA-2019:2606) kdelibs and kde-settings security and bug fix update qt-settings-19-23.10.el7_7.noarch.rpm | Linux |
| (RHSA-2019:2606) Important: kdelibs and kde-settings security and bug fix update kdelibs-debuginfo-4.14.8-11.el7_7.i686.rpm | Linux |
| (RHSA-2019:2606) Important: kdelibs and kde-settings security and bug fix update kdelibs-debuginfo-4.14.8-11.el7_7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234