kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kdirstat | Kdirstat_project | 2.7.3 | 2.7.3 |
Opensuse | Opensuse | 13.1 | 13.1 |