An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary
attempts to load plugins relative to the working directory, allowing
attackers to execute arbitrary code via crafted files.
Author | Note |
---|---|
mdeslaur | introduced by https://codereview.qt-project.org/q/commit:5219c37f7c98f37f078fee00fe8ca35d83ff4f5d |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | Upstream | noarch | qtbase-opensource-src | < any | UNKNOWN |
ubuntu | Upstream | noarch | qtbase-opensource-src-gles | < any | UNKNOWN |