CVE-2020-24972

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Configurations

Configuration 1

cpe:2.3:a:kleopatra_project:kleopatra:*:*:*:*:*:gnupg:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

Information

Published : 2020-08-29 09:15

Updated : 2022-11-16 03:12


NVD link : CVE-2020-24972

Mitre link : CVE-2020-24972

Products Affected
No products.
CWE
CWE-116

Improper Encoding or Escaping of Output