CVE-2020-24742
HIGH7.8EPSS 0.84%Published: 8/9/2021Modified: 4/28/2026
Also known as:DEBIAN-CVE-2020-24742
Description
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Affected packages (2)
- Debian/qtbase-opensource-srcfrom 0, < 5.12.5+dfsg-8
- Debian/qtbase-opensource-src-glesfrom 0, < 5.14.2+dfsg-3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |