kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kdirstat | Kdirstat_project | 2.7.0 (including) | 2.7.0 (including) |
Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |