CVE-2017-10904

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.