FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kf5-kauth -- Insecure handling of arguments in helpers

Affected packages
kf5-kauth < 5.54.0_2

Details

VuXML ID e8bcac84-2d5c-11e9-9a74-e0d55e2a8bf9
Discovery 2019-02-09
Entry 2019-02-10

Albert Astals Cid reports:

KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus.

Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugin

[source]

References

CVE Name CVE-2019-7443
URL https://www.kde.org/info/security/advisory-20190209-1.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.