Code execution vulnerability in KDE when viewing a list of files
A vulnerability has been identified in KDE that allows an attacker to execute arbitrary commands when a user views a directory or archive containing specially crafted ".desktop" and ".directory" files. The attack only requires the user to view the list of files in the Dolphin file manager, download a malicious desktop file, or drag a shortcut onto the desktop or into a document. The problem appears in the current release of the KDE Frameworks libraries, 5.60.0, and in earlier versions, back to KDE 4. The vulnerability still remains unfixed (no CVE has been assigned).
The problem is caused by an incorrect implementation of the KDesktopFile class, which, when processing the "Icon" variable, passes the value without proper escaping to KConfigPrivate::expandString(), which expands special characters, including treating "$(..)" strings as commands to be executed. Contrary to the requirements of the XDG specification, shell constructs are expanded without distinguishing the type of setting, i.e. not only when determining the command line of the application to be launched, but also when specifying the icons displayed by default.
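A defensive check for the behaviour described above, added here as an example and not taken from the original article or from KDE's code: it scans ".desktop" and ".directory" files for "$(" in any key that is not meant to hold a command line. The names `scan_text` and `scan_tree`, the choice of `Exec` as the only command-line key, and the sample entry are assumptions made for this example.

```python
import os
import re

# "Key=value" or "Key[suffix]=value" (suffixes such as locale tags are dropped).
ENTRY = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*(?:\[[^\]]*\]\s*)*=(.*)$")
COMMAND_KEYS = {"Exec"}  # assumption: the only key meant to hold a command line

def scan_text(text):
    """Return (line_no, group, key, value) for non-command keys containing '$('."""
    findings, group = [], None
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            group = stripped[1:-1]  # group header such as [Desktop Entry]
            continue
        m = ENTRY.match(line)
        if m and m.group(1) not in COMMAND_KEYS and "$(" in m.group(2):
            findings.append((line_no, group, m.group(1), m.group(2).strip()))
    return findings

def scan_tree(root):
    """Scan every .desktop and .directory file under root; map path -> findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".desktop") or name == ".directory":
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
                if hits:
                    report[path] = hits
    return report

# Constructed sample: placeholder text inside $(), not a working command.
SAMPLE = """[Desktop Entry]
Type=Directory
Name=Reports
Icon=$(placeholder-command)
"""

if __name__ == "__main__":
    for hit in scan_text(SAMPLE):
        print(hit)
```

Running `scan_tree` over an unpacked archive or a download directory before opening it in a file manager lists each file and line that carries such a construct.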
For example, to carry out an attack it is enough to send the user a zip archive with a directory containing a ".directory" file such as: