PT-2019-3475 · KDE · KDE Frameworks KConfig

Dominik Penner

Published 2019-07-28 · Updated 2023-02-28

CVE-2019-14744

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: KDE Frameworks KConfig versions prior to 5.61.0

Description: The issue relates to the mishandling of .desktop and .directory files by libKF5ConfigCore.so, which allows code execution with minimal user interaction. An attacker can achieve this by placing a shell command on an Icon line of a .desktop file. The root cause is insufficient input validation: using a malicious desktop file, an attacker can gain unauthorized access to information, cause a denial of service, or otherwise affect the availability of information.

Recommendations: For versions prior to 5.61.0, update to version 5.61.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of .desktop and .directory files to minimize the risk of exploitation, and avoid opening such files from untrusted sources until the update is applied.

Exploit

Fix

Weakness Enumeration

Command Injection
OS Command Injection

Related Identifiers

ALT-PU-2019-2412
ALT-PU-2019-2413
ALT-PU-2019-2470
ALT-PU-2019-2476
BDU:2019-03649
CESA-2019_2606
CVE-2019-14744
DLA-1890-1
DSA-4494-1
MGASA-2019-0278
MGASA-2019-0378
OESA-2021-1295
OPENSUSE-SU-2019:1851-1
OPENSUSE-SU-2019:1851-2
OPENSUSE-SU-2019:1855-1
OPENSUSE-SU-2019:1898-1
OPENSUSE-SU-2019_1851-1
OPENSUSE-SU-2024:10889-1
RHSA-2019:2606
RHSA-2019_2606
RHSA-2020:2833
USN-4100-1

Affected Products

Alt Linux
Centos
Kde Frameworks Kconfig
Red Hat
Suse
Ubuntu