vulnerability

FreeBSD: VID-f5f0a640-bae8-11e9-bb3a-001e2a3f778d (CVE-2019-14744): KDE Frameworks -- malicious .desktop files execute code

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:H/Au:N/C:P/I:P/A:P)	Aug 9, 2019	Aug 10, 2019	Dec 10, 2025

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:P/A:P)

Published

Aug 9, 2019

Added

Aug 10, 2019

Modified

Dec 10, 2025

Description

The KDE Community has released a security announcement: The syntax Key[$e]=$(shell command) in *.desktop files, .directory files, and configuration files (typically found in ~/.config) was an intentional feature of KConfig, to allow flexible configuration. This could however be abused by malicious people to make the users install such files and get code executed even without intentional action by the user.

Solution

freebsd-upgrade-package-kf5-kconfig

References

CVE-2019-14744
https://attackerkb.com/topics/CVE-2019-14744
CWE-78

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today