CVE-2020-24742

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-24742
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24742.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24742
Downstream
Published
2021-08-09T22:15:08.607Z
Modified
2026-04-10T04:25:00.387274Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

References

Affected packages

Git / github.com/qt/qtbase

Affected ranges

Type
GIT
Repo
https://github.com/qt/qtbase
Events
Introduced
d0cdc7ad1e2728caf363abf328b2ad81f2ed5a5b
Fixed
1bf5d3af1a4ec307bb77e1b54bb1f723c3eef481
Introduced
fc9ae22c88dd085c7c31599037132fc756feeb04
Last affected
a7a24784eeba6747d319eb911583bdd99ef38cdb
Database specific 
{
    "versions": [
        {
            "introduced": "5.6.0"
        },
        {
            "fixed": "5.12.7"
        },
        {
            "introduced": "5.13.0"
        },
        {
            "last_affected": "5.13.2"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24742.json"