CVE-2019-14744

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-14744
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14744.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14744
Downstream
Related
Published
2019-08-07T15:15:13.970Z
Modified
2025-11-14T03:34:07.912415Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

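In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. The flaw is in libKF5ConfigCore.so and its mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. Because the defect sits in the shared configuration library rather than in one application, programs that parse these files through KConfig inherit it; the remediation is to update KConfig to 5.61.0 or later. The signatures listed below target `KConfigPrivate::expandString`, `popen` and `pclose` in src/core/kconfig.cpp, which indicates that the referenced commit changes the string-expansion path where configuration values could reach a shell.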

References

Affected packages

Git / github.com/kde/kconfig

Affected ranges

Type
GIT
Repo
https://github.com/kde/kconfig
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/kde/kconfig/commit/01674d7d5b1d8d0f21193f00265bf923fda71dc1",
        "signature_type": "Function",
        "id": "CVE-2019-14744-1c7393f5",
        "target": {
            "function": "pclose",
            "file": "src/core/kconfig.cpp"
        },
        "digest": {
            "length": 78.0,
            "function_hash": "166287550091562779193981306668315568857"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/kde/kconfig/commit/01674d7d5b1d8d0f21193f00265bf923fda71dc1",
        "signature_type": "Function",
        "id": "CVE-2019-14744-320960f8",
        "target": {
            "function": "KConfigTest::testPath",
            "file": "autotests/kconfigtest.cpp"
        },
        "digest": {
            "length": 2344.0,
            "function_hash": "201227975064063643500654209063474585945"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/kde/kconfig/commit/01674d7d5b1d8d0f21193f00265bf923fda71dc1",
        "signature_type": "Line",
        "id": "CVE-2019-14744-61ba312a",
        "target": {
            "file": "src/core/kconfig.cpp"
        },
        "digest": {
            "line_hashes": [
                "219238070457140180782464651918423636149",
                "38491282600862164353026772136766264913",
                "77473684727101397003423434382086957922",
                "123576541135020462325223209333002481892",
                "243270112199528120021337049640063687340",
                "179232034900449800194992977139071032662",
                "28202976460566135180869651120575273973",
                "257509060350184225176200564890918695238",
                "255654872450667205134243279706975197359",
                "264809491138171191926012690386370160699",
                "143875182632039205929116491628038440693",
                "230704496539716751043063099538078582515",
                "258568453730135438542824856882267925598",
                "751752657148072855984840805065044404",
                "232539804994714740895294641664614644177",
                "223908355289972397329117619322475959895",
                "123359929852011967075040357726367133726",
                "183620047286281769889605689584128899238",
                "314224693445691058727953396780970015458",
                "86145373309543523888844720041847637281",
                "21966175074445045118325256684733246134",
                "85727537607326181577550844617464997181",
                "256102095870506990409813761347665498543",
                "119135648912785358602252128473603736170",
                "54540603266613982471755358018667943681",
                "244317761682267316327482097989042258989",
                "296207873477699354380409116829593071433",
                "44735070715816076088362537488525571293",
                "216357978125872459852245291731832096254",
                "13885507227288685944939745929673310517",
                "97229892384057337916262104037871851087",
                "195677081610674128256962900863103062830",
                "338945489393647297934586417511872891919",
                "286292191644850487457661984672918182557",
                "185493591544518217405171905016427751511",
                "109023484862263956099523302032545832009",
                "50834886412605956583584330568090482115"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/kde/kconfig/commit/01674d7d5b1d8d0f21193f00265bf923fda71dc1",
        "signature_type": "Function",
        "id": "CVE-2019-14744-c1839bd9",
        "target": {
            "function": "KConfigPrivate::expandString",
            "file": "src/core/kconfig.cpp"
        },
        "digest": {
            "length": 2118.0,
            "function_hash": "149366800661875045146523857866184181742"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/kde/kconfig/commit/01674d7d5b1d8d0f21193f00265bf923fda71dc1",
        "signature_type": "Function",
        "id": "CVE-2019-14744-e8406776",
        "target": {
            "function": "popen",
            "file": "src/core/kconfig.cpp"
        },
        "digest": {
            "length": 116.0,
            "function_hash": "241482068227347318536435887937755967892"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/kde/kconfig/commit/01674d7d5b1d8d0f21193f00265bf923fda71dc1",
        "signature_type": "Line",
        "id": "CVE-2019-14744-ed6f5eec",
        "target": {
            "file": "autotests/kconfigtest.cpp"
        },
        "digest": {
            "line_hashes": [
                "274983871087735361117106027363551023157",
                "113313227363192657344864747164063665631",
                "315646538174608672540088760809254909790",
                "22524664523741219598618095927819121532",
                "59194077536573723938310378385337659362",
                "129599921055282812438646111261266311229",
                "49434401398152834330291590172135522192",
                "250697576943176049593587069711254216377",
                "153232625496564923540418561100868624756",
                "169829718039119230167840947785967827157",
                "257586542011894381248965637057220297746",
                "58073473305846995140395636030945561365",
                "210712362608107427662996579891113002721"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    }
]