KDE Frameworks Command Execution Vulnerability (CVE-2019-14744) Threat Alert
August 19, 2019
Overview
Recently, a security researcher took to Twitter to disclose a KDE Frameworks command injection vulnerability, which stems from the KDesktopfile class handling .desktop, .directory, and configuration files. An attacker could create malicious files of these types, which, once being viewed with the KDE file viewer, could trigger the vulnerability, leading to code execution without requiring any user interactions like executing such files. (more…)