PT-2021-6501 · Qt+1 · Qt+1
Published 2020-02-03 · Updated 2021-08-19 · CVE-2020-24742
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Qt version 5.14.0
Description
The issue is related to the QPluginLoader component of the Qt framework, which allows the loading of plugins relative to the working directory. This can be exploited by attackers to execute arbitrary code via crafted files, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service. The exploitation can be done remotely.
Recommendations
For Qt version 5.14.0, update to a version where this issue has been fixed to prevent the execution of arbitrary code via crafted files. As a temporary workaround, consider restricting the loading of plugins to authorized directories to minimize the risk of exploitation.
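The workaround above, sketched as an added example (not Qt's code and not part of the original advisory): the requested plugin name is resolved against the working directory, as the description says the loader does, and is accepted only if the real path lies inside an authorized directory. The helper name `resolve_plugin`, the directory layout and the file names are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def resolve_plugin(requested, allowed_dirs, cwd=None):
    """Return the real plugin path if it lies in an authorized directory, else None.

    Hypothetical helper: `requested` is the name handed to the plugin loader,
    `allowed_dirs` the directories the application trusts for plugins.
    """
    cwd = Path(cwd or os.getcwd())
    # A relative name is resolved against the working directory, the behaviour
    # the advisory describes; resolve() also collapses ".." and symlinks.
    real = (cwd / requested).resolve()
    for base in allowed_dirs:
        base = Path(base).resolve()
        if real.is_file() and base in real.parents:
            return real
    return None


def demo():
    """Constructed layout: a trusted plugin dir and an untrusted working dir."""
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        trusted = root / "app" / "plugins"
        work = root / "downloads"              # untrusted working directory
        trusted.mkdir(parents=True)
        work.mkdir()
        (trusted / "codec.so").write_bytes(b"")
        (work / "codec.so").write_bytes(b"")   # untrusted file, same name
        cases = {
            "absolute_trusted": str(trusted / "codec.so"),
            "relative_in_cwd": "codec.so",
            "dotdot_escape": str(trusted / ".." / ".." / "downloads" / "codec.so"),
        }
        return {name: resolve_plugin(path, [trusted], cwd=work) is not None
                for name, path in cases.items()}


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} {'load' if ok else 'refuse'}")
```

Only the absolute path inside the trusted directory passes; the bare relative name and the `..` path both resolve outside it and are refused.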
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Qt