Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.02 Low |
EPSS percentile | 88.8% |

KDirStat is a graphical disk usage utility for KDE.
A missing escape of an executable shell command in KDirStat can be used to insert malicious shell commands.
A local attacker could possibly execute arbitrary shell commands with the privileges of the process.
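
The bug class described above, shown as an added example that is not KDirStat's own code (KDirStat is a C++ application). It assumes the unescaped value is a file or directory name substituted into a `%p` placeholder of a command template; the template, the sample name and all function names are constructed for illustration.

```python
import shlex
import subprocess

# Constructed sample: a directory name containing shell metacharacters.
HOSTILE_NAME = 'a"; echo INJECTED; echo "b'

# Hypothetical command template; %p stands for the selected path (assumption).
TEMPLATE = "echo %p"


def expand_naive(template: str, path: str) -> str:
    """Missing escape: wrapping in double quotes does not neutralise
    a double quote that is already inside the name."""
    return template.replace("%p", '"' + path + '"')


def expand_quoted(template: str, path: str) -> str:
    """Corrected form: shlex.quote() emits one single-quoted shell word,
    so the shell treats the whole name as data."""
    return template.replace("%p", shlex.quote(path))


def run_in_shell(command: str) -> str:
    """Run a command line through /bin/sh and return its stdout."""
    result = subprocess.run(["/bin/sh", "-c", command],
                            capture_output=True, text=True)
    return result.stdout


def run_without_shell(path: str) -> str:
    """Preferred where possible: pass an argument vector so no shell
    ever parses the name."""
    result = subprocess.run(["echo", path], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    for label, out in [
        ("naive", run_in_shell(expand_naive(TEMPLATE, HOSTILE_NAME))),
        ("quoted", run_in_shell(expand_quoted(TEMPLATE, HOSTILE_NAME))),
        ("argv", run_without_shell(HOSTILE_NAME)),
    ]:
        print(f"{label}: {out!r}")
```

In the naive expansion the shell sees three commands instead of one; in the quoted and argument-vector forms the name comes back byte for byte.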
There is no known workaround at this time.
All KDirStat users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-misc/kdirstat-2.7.5"
```

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | kde-misc/kdirstat | < 2.7.5 | UNKNOWN |