CVE-2019-14744
kconfig - security update
CVSS 3.1: 7.8 (HIGH)
EPSS: 1.7%
Description
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
How to fix CVE-2019-14744
To remediate CVE-2019-14744, upgrade the affected package to a fixed version below.
- upgrade to 5.54.0-2 or later
- upgrade to 5.28.0-2+deb9u1 or later
- upgrade to 4:4.14.2-5+deb8u3 or later
Is CVE-2019-14744 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 5.54.0-2
- from 0, < 5.28.0-2+deb9u1
- from 0, < 4:4.14.2-5+deb8u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |