An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "5.6.0"
},
{
"fixed": "5.12.7"
},
{
"introduced": "5.13.0"
},
{
"last_affected": "5.13.2"
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "5.6.0"
},
{
"fixed": "5.12.7"
},
{
"introduced": "5.13.0"
},
{
"last_affected": "5.13.2"
}
]
}