CVE-2013-0254

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
qtqt
1.41
qtqt
1.42
qtqt
1.43
qtqt
1.44
qtqt
1.45
qtqt
2.0.0
qtqt
2.0.1
qtqt
2.0.2
qtqt
3.3.0
qtqt
3.3.1
qtqt
3.3.2
qtqt
3.3.3
qtqt
3.3.4
qtqt
3.3.5
qtqt
3.3.6
qtqt
4.0.0
qtqt
4.0.1
qtqt
4.1.0
qtqt
4.1.1
qtqt
4.1.2
qtqt
4.1.3
qtqt
4.1.4
qtqt
4.1.5
qtqt
4.2.0
qtqt
4.2.1
qtqt
4.2.3
qtqt
4.3.0
qtqt
4.3.1
qtqt
4.3.2
qtqt
4.3.3
qtqt
4.3.4
qtqt
4.3.5
qtqt
4.4.0
qtqt
4.4.1
qtqt
4.4.2
qtqt
4.4.3
qtqt
4.5.0
qtqt
4.5.1
qtqt
4.5.2
qtqt
4.5.3
qtqt
4.6.0
qtqt
4.6.1
qtqt
4.6.2
qtqt
4.6.3
qtqt
4.6.4
qtqt
4.6.5
qtqt
4.7.0
qtqt
4.7.1
qtqt
4.7.2
qtqt
4.7.3
qtqt
4.7.4
qtqt
4.7.5
qtqt
4.7.6
qtqt
4.8.0
qtqt
4.8.1
qtqt
4.8.2
qtqt
4.8.3
qtqt
4.8.4
qtqt
4.8.5
qtqt
5.0.0
qtqt
5.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt4-x11
quantal
Fixed 4:4.8.3+dfsg-0ubuntu3.1
released
precise
Fixed 4:4.8.1-0ubuntu4.4
released
oneiric
Fixed 4:4.7.4-0ubuntu8.3
released
lucid
Fixed 4:4.6.2-0ubuntu5.6
released
hardy
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html
http://lists.qt-project.org/pipermail/announce/2013-February/000023.html
http://rhn.redhat.com/errata/RHSA-2013-0669.html
https://bugzilla.redhat.com/show_bug.cgi?id=907425
http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html
http://lists.qt-project.org/pipermail/announce/2013-February/000023.html
http://rhn.redhat.com/errata/RHSA-2013-0669.html
https://bugzilla.redhat.com/show_bug.cgi?id=907425