Launchpad CVE tracker

CVE 2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.

Related bugs and status

CVE-2019-14744 (Candidate) is related to these bugs:

Bug #1839432: [CVE] malicious .desktop files (and others) would execute code

		In	Importance	Status
1839432	[CVE] malicious .desktop files (and others) would execute code	kconfig (Ubuntu)	Medium	Fix Released
1839432	[CVE] malicious .desktop files (and others) would execute code	kconfig (Ubuntu Bionic)	Medium	Fix Released
1839432	[CVE] malicious .desktop files (and others) would execute code	kconfig (Ubuntu Disco)	Medium	Fix Released
1839432	[CVE] malicious .desktop files (and others) would execute code	kconfig (Ubuntu Xenial)	Medium	Fix Released
1839432	[CVE] malicious .desktop files (and others) would execute code	kde4libs (Ubuntu)	Low	Fix Released
1839432	[CVE] malicious .desktop files (and others) would execute code	kde4libs (Ubuntu Bionic)	Low	Fix Released
1839432	[CVE] malicious .desktop files (and others) would execute code	kde4libs (Ubuntu Disco)	Low	Fix Released
1839432	[CVE] malicious .desktop files (and others) would execute code	kde4libs (Ubuntu Xenial)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-14744

References