CVE-2020-24742

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
qtqt
5.6.0 ≤
𝑥
< 5.12.7
qtqt
5.13.0 ≤
𝑥
≤ 5.13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qtbase-opensource-src
bullseye
5.15.2+dfsg-9+deb11u1
fixed
bookworm
5.15.8+dfsg-11+deb12u2
fixed
trixie
5.15.13+dfsg-4
fixed
sid
5.15.15+dfsg-2
fixed
qtbase-opensource-src-gles
bullseye
5.15.2+dfsg-4
fixed
bookworm
5.15.8+dfsg-3
fixed
trixie
5.15.13+dfsg-2
fixed
sid
5.15.15+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qtbase-opensource-src
jammy
not-affected
impish
not-affected
hirsute
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
qtbase-opensource-src-gles
jammy
not-affected
impish
not-affected
hirsute
not-affected
focal
not-affected
bionic
dne
xenial
not-affected
trusty
dne
References
https://codereview.qt-project.org/c/qt/qtbase/+/280730
https://codereview.qt-project.org/c/qt/qtbase/+/280730