The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-116
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kleopatra_project | kleopatra | * |
| opensuse | backports_sle | 15.0 |
| fedoraproject | fedora | 32 |
| opensuse | leap | 15.1 |