[Interest] Questions regarding "Improper Link Resolution Before File Access in QFileSystemEngine"

Schimkowitsch Robert Robert.Schimkowitsch at andritz.com
Thu May 8 10:22:18 CEST 2025 

Thank you so much!

Kind regards

Robert

> -----Original Message-----
> From: Thiago Macieira <thiago.macieira at intel.com>
> Sent: Thursday, 8 May 2025 10:16
> To: interest at qt-project.org
> Cc: Schimkowitsch Robert <Robert.Schimkowitsch at andritz.com>
> Subject: Re: [Interest] Questions regarding "Improper Link Resolution Before
> File Access in QFileSystemEngine"
>
> On Wednesday, 7 May 2025 14:16:08 Central European Summer Time
> Schimkowitsch
> Robert wrote:
> > Regarding CVE-2025-4211, “Improper Link Resolution Before File Access in
> > QFileSystemEngine”, could someone elaborate what public APIs are
> affected?
> > The mentioned QFileSystemEngine is not a public API, so which public APIs
> > use it internally? Since the issue mentions GetTempPath, which sounds like
> > it would only affect usages that are related to temporary files and
> > folders. Is this assessment correct?
>
> We should have mentioned this on the disclosure...
>
> The front-end is QDir::tempPath(). Also affects anything using that behind the
> scenes too, of which there is a lot, like QStandardPaths with TempLocation,
> QTemporaryDir, QTemporaryFile.
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>   Principal Engineer - Intel DCAI Platform & System Engineering
________________________________

This message and any attachments are solely for the use of the intended recipients. They may contain privileged and/or confidential information or other information protected from disclosure. If you are not an intended recipient, you are hereby notified that you received this email in error and that any review, dissemination, distribution or copying of this email and any attachment is strictly prohibited. If you have received this email in error, please contact the sender and delete the message and any attachment from your system.

ANDRITZ HYDRO GmbH


Rechtsform/ Legal form: Gesellschaft mit beschränkter Haftung / Corporation

Firmensitz/ Registered seat: Wien

Firmenbuchgericht/ Court of registry: Handelsgericht Wien

Firmenbuchnummer/ Company registration: FN 61833 g

DVR: 0605077

UID-Nr.: ATU14756806


Thank You
________________________________

More information about the Interest mailing list