Unrated severity · NVD Advisory · Published Aug 7, 2019 · Updated Aug 5, 2024
CVE-2019-14744
Description
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
Affected products (23)
- KDE Frameworks/KConfig (source: description)
- osv-coords, 21 versions (no CPE for any entry):
  - pkg:rpm/opensuse/kconfig&distro=openSUSE%20Leap%2015.0, range: < 5.55.0-bp151.3.5.1
  - pkg:rpm/opensuse/kconfig&distro=openSUSE%20Leap%2015.1, range: < 5.55.0-bp151.3.5.1
  - pkg:rpm/opensuse/kdelibs4-apidocs&distro=openSUSE%20Leap%2015.0, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/opensuse/kdelibs4-apidocs&distro=openSUSE%20Leap%2015.1, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/opensuse/kdelibs4&distro=openSUSE%20Leap%2015.0, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/opensuse/kdelibs4&distro=openSUSE%20Leap%2015.1, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kconfig&distro=SUSE%20Package%20Hub%2012%20SP1, range: < 5.55.0-bp151.3.5.1
  - pkg:rpm/suse/kconfig&distro=SUSE%20Package%20Hub%2012%20SP2, range: < 5.55.0-bp151.3.5.1
  - pkg:rpm/suse/kconfig&distro=SUSE%20Package%20Hub%2012%20SP3, range: < 5.55.0-bp151.3.5.1
  - pkg:rpm/suse/kconfig&distro=SUSE%20Package%20Hub%2015, range: < 5.55.0-bp151.3.5.1
  - pkg:rpm/suse/kconfig&distro=SUSE%20Package%20Hub%2015%20SP1, range: < 5.55.0-bp151.3.5.1
  - pkg:rpm/suse/kdelibs4-apidocs&distro=SUSE%20Package%20Hub%2012%20SP1, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4-apidocs&distro=SUSE%20Package%20Hub%2012%20SP2, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4-apidocs&distro=SUSE%20Package%20Hub%2012%20SP3, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4-apidocs&distro=SUSE%20Package%20Hub%2015, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4-apidocs&distro=SUSE%20Package%20Hub%2015%20SP1, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2012%20SP1, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2012%20SP2, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2012%20SP3, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2015, range: < 4.14.38-bp151.9.5.1
  - pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2015%20SP1, range: < 4.14.38-bp151.9.5.1
References (18)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html (mitre, vendor-advisory, x_refsource_SUSE)
- access.redhat.com/errata/RHSA-2019:2606 (mitre, vendor-advisory, x_refsource_REDHAT)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/201908-07 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4100-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2019/dsa-4494 (mitre, vendor-advisory, x_refsource_DEBIAN)
- packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html (mitre, x_refsource_MISC)
- gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/08/msg00023.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/Aug/12 (mitre, mailing-list, x_refsource_BUGTRAQ)
- seclists.org/bugtraq/2019/Aug/9 (mitre, mailing-list, x_refsource_BUGTRAQ)
- www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/ (mitre, x_refsource_MISC)