CVE-2019-14744 — OS Command Injection in KConfig
Severity
7.8 HIGH (NVD)
7.5 (OSV)
EPSS: 1.3% (top 20.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 7
Latest update: May 24
Description
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 5 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 29, 30, Ubuntu Linux 16.04, 18.04, 19.04
Vulnerability Details: 4
Vendor Advisories: 3
Community: 3
Bugzilla: CVE-2019-14744 kdelibs3: kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [epel-7] (2019-08-12)
Bugzilla: CVE-2019-14744 kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction (2019-08-12)
Bugzilla: CVE-2019-14744 kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [fedora-all] (2019-08-12)