CVE-2020-0570

Priority
Description
QLibrary in Qt versions 5.12.0 through 5.14.0, on certain x86 machines, would
search for certain libraries and plugins relative to the current working
directory of the application. This allows an attacker who can place files in
the file system and influence the working directory of Qt-based applications
to load and execute malicious code. This issue was verified on Linux and
probably affects all Unix operating systems other than macOS (Darwin). This
issue does not affect Windows.
Assigned-to
mdeslaur
Notes
mdeslaur: Only affects 5.12.0 through 5.14.0
Package
Upstream: released (5.12.5+dfsg-8)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine): released (5.12.4+dfsg-4ubuntu1.1)
Ubuntu 20.04 (Focal Fossa): not-affected (5.12.5+dfsg-8)
Patches:
Upstream: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd

Updated: 2020-02-10 15:15:26 UTC (commit e2b80aba94d218c7417082d5acfc48647f8445c7)