[Interest] Questions regarding "Improper Link Resolution Before File Access in QFileSystemEngine"
Thiago Macieira
thiago.macieira at intel.com
Thu May 8 10:16:06 CEST 2025
On Wednesday, 7 May 2025 14:16:08 Central European Summer Time Schimkowitsch
Robert wrote:
> Regarding CVE-2025-4211, “Improper Link Resolution Before File Access in
> QFileSystemEngine”, could someone elaborate what public APIs are affected?
> The mentioned QFileSystemEngine is not a public API, so which public APIs
> use it internally? Since the issue mentions GetTempPath, which sounds like
> it would only affect usages that are related to temporary files and
> folders. Is this assessment correct?
We should have mentioned this on the disclosure...

The front-end is QDir::tempPath(). Also affects anything using that behind the
scenes too, of which there is a lot, like QStandardPaths with TempLocation,
QTemporaryDir, QTemporaryFile.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Principal Engineer - Intel DCAI Platform & System Engineering
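
Added example, not part of the original message and not Qt project code: a small Python audit helper that lists where a C++ source tree uses the public APIs named in the reply above, to help scope exposure to CVE-2025-4211. The function names, file extensions and sample source are assumptions constructed for illustration, and the reply gives these APIs as examples rather than a complete list.

```python
import re
from pathlib import Path

# Public APIs named in the reply; it gives them as examples, not a full list.
PATTERNS = {
    "QDir::tempPath": re.compile(r"\bQDir\s*::\s*tempPath\s*\("),
    "QStandardPaths TempLocation": re.compile(
        r"\bQStandardPaths\s*::\s*(?:StandardLocation\s*::\s*)?TempLocation\b"),
    "QTemporaryDir": re.compile(r"\bQTemporaryDir\b"),
    "QTemporaryFile": re.compile(r"\bQTemporaryFile\b"),
}

# Matches C++ comments and ordinary string literals (raw strings are not handled).
_TOKEN = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.S)

def strip_comments_and_strings(src):
    """Blank out comments and string literals, keeping line numbers intact."""
    return _TOKEN.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)

def scan_source(src):
    """Return (line_number, api_label) hits for one C++ source text."""
    hits = []
    for lineno, line in enumerate(strip_comments_and_strings(src).splitlines(), 1):
        if line.lstrip().startswith("#include"):
            continue  # report actual uses, not header includes
        for label, rx in PATTERNS.items():
            if rx.search(line):
                hits.append((lineno, label))
    return hits

def scan_tree(root, exts=(".cpp", ".cc", ".cxx", ".h", ".hpp")):
    """Map each source file under root to its hits; files without hits are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in exts:
            hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample input (hypothetical application code, not from the post).
SAMPLE = '''#include <QTemporaryFile>
#include <QDir>
// QTemporaryDir is only mentioned in this comment
void save(const QByteArray &data) {
    QTemporaryFile f;                       /* QDir::tempPath() */
    QString base = QDir::tempPath();
    QString t = QStandardPaths::writableLocation(QStandardPaths::TempLocation);
    qDebug() << "QTemporaryDir in a string";
}
'''
```

Call `scan_tree("path/to/project")` on an application's sources; hits only show direct uses, so code that reaches the temp path through other libraries still needs a manual review.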