FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kf5-kauth -- Insecure handling of arguments in helpers

Affected packages
kf5-kauth < 5.54.0_2

Details

VuXML ID e8bcac84-2d5c-11e9-9a74-e0d55e2a8bf9
Discovery 2019-02-09
Entry 2019-02-10

Albert Astals Cid reports:

KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus.

Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugin

References

CVE Name CVE-2019-7443
URL https://www.kde.org/info/security/advisory-20190209-1.txt