Описание
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Qt5 versions up to qt 5.12.7, qt 5.14.1, qt 5.15.0 allows plugins to be loaded from current working directory, this can lead to compromised plugins to loaded leading to possible arbitrary code execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | qt | Out of support scope | ||
| Red Hat Enterprise Linux 6 | qt3 | Not affected | ||
| Red Hat Enterprise Linux 7 | qt | Out of support scope | ||
| Red Hat Enterprise Linux 7 | qt3 | Not affected | ||
| Red Hat Enterprise Linux 8 | qt5-qtbase | Affected | ||
| Red Hat Enterprise Linux 9 | qt5-qtbase | Not affected |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
7.8 High
CVSS3