A vulnerability (CVE-2026-45184, CVSS 6.5) in the Kdenlive video editor allows arbitrary code execution when a user opens a maliciously crafted project file. For Debian Bookworm, the issue is fixed in version 22.12.3-2+deb12u2, and for Trixie, in version 24.12.3-2+deb13u1. Users are advised to upgrade their kdenlive packages to these patched versions.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6299-1] kdenlive security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6299-1] kdenlive security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 26 May 2026 21:08:24 +0000 Message-id: <[🔎] ahYLyJe8kuoYI3B3@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6299-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : kdenlive CVE ID : CVE-2026-45184 It was discovered that opening a malformed project file in the Kdenlive video editor could result in the execution of arbitrary code. For the oldstable distribution (bookworm), this problem has been fixed in version 22.12.3-2+deb12u2. For the stable distribution (trixie), this problem has been fixed in version 24.12.3-2+deb13u1. We recommend that you upgrade your kdenlive packages. For the detailed security status of kdenlive please refer to its security tracker page at: https://security-tracker.debian.org/tracker/kdenlive Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoWC2MACgkQEMKTtsN8 TjZorw//aiG/GErX1FzDzbkd682H1iEZh3PieFYvklsFV2wOUhDuF8uvr76Hy4KG xQfE4W7IfnGI6IGJciDu0M78iVJBntv8lKPBHd5gE+J+AU50K7s4/y5uU0FSJ2Eo mxdvgyUq0TG3I4l4JjUj7B6aLPnfcs5l7K6vu6CDpLVaWsrSsZxxhlXjUhbLK3l6 Uyd/0LZGG46hPfKXOQBDxIWg/pHhOutpdR++wR9yQVpaKnimD+4wE6cQRQeEiLCC cFTmhU9ndZ11fjn2R9fAFKxkvnhlcLOmImCzGTaTNQH6Lw920OE0FQ7PnT6W/S82 7+SBzPCZd3vDxL7WZ+qBFLUwAgoPeERIss3DdLjkYd5qGWD2mv0sEOy5NVURUx57 /m0UXUM1/aoLY4DLndN6N/6o9+EwTgrM7el1584AN+oba3gNhNPzLbYagY/js6zl ejqfJhczDuSstQPn74XFT3zmVREOViGAZYL8l09xtnfxxfLKV0xuoPFLbXETNkf9 GbM5PB7dcEASVKlWW66VDgkLi8SUKe/do9UKBs8W7YwuETYDqYAh7+rxuLP//Iyr /2ZPFV60n6Z9s1FTbojnOmIzKRPq3Ma4sayiiU/MznSM4SWiUtdsOf0KOaVwk7yj RkB1wpF59qLRra16GwHXcliwSID31uu/BYYoz6M1o1kfTI+vfbs= =1ZjV -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6298-1] imagemagick security update Next by Date: [SECURITY] [DSA 6300-1] node-shell-quote security update Previous by thread: [SECURITY] [DSA 6298-1] imagemagick security update Next by thread: [SECURITY] [DSA 6300-1] node-shell-quote security update Index(es): Date Thread