Kdenlive
Monthly
Kdenlive before version 26.04.1 permits arbitrary command execution through dangerous proxy parameters embedded in attacker-controlled project files. When a victim opens a malicious .kdenlive project file, the application processes untrusted proxy settings without sufficient validation, enabling code execution with the privileges of the user running Kdenlive. This requires user interaction (opening a file) but poses significant risk in contexts where project files are shared or downloaded from untrusted sources.
Kdenlive before version 26.04.1 permits arbitrary command execution through dangerous proxy parameters embedded in attacker-controlled project files. When a victim opens a malicious .kdenlive project file, the application processes untrusted proxy settings without sufficient validation, enabling code execution with the privileges of the user running Kdenlive. This requires user interaction (opening a file) but poses significant risk in contexts where project files are shared or downloaded from untrusted sources.