CVE-2013-0254

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
Severity
UNKNOWN
AV:L/AC:L/Au:N/C:P/I:P/A:N
Atk. Vector
LOCAL
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
qtqt
1.41
qtqt
1.42
qtqt
1.43
qtqt
1.44
qtqt
1.45
qtqt
2.0.0
qtqt
2.0.1
qtqt
2.0.2
qtqt
3.3.0
qtqt
3.3.1
qtqt
3.3.2
qtqt
3.3.3
qtqt
3.3.4
qtqt
3.3.5
qtqt
3.3.6
qtqt
4.0.0
qtqt
4.0.1
qtqt
4.1.0
qtqt
4.1.1
qtqt
4.1.2
qtqt
4.1.3
qtqt
4.1.4
qtqt
4.1.5
qtqt
4.2.0
qtqt
4.2.1
qtqt
4.2.3
qtqt
4.3.0
qtqt
4.3.1
qtqt
4.3.2
qtqt
4.3.3
qtqt
4.3.4
qtqt
4.3.5
qtqt
4.4.0
qtqt
4.4.1
qtqt
4.4.2
qtqt
4.4.3
qtqt
4.5.0
qtqt
4.5.1
qtqt
4.5.2
qtqt
4.5.3
qtqt
4.6.0
qtqt
4.6.1
qtqt
4.6.2
qtqt
4.6.3
qtqt
4.6.4
qtqt
4.6.5
qtqt
4.7.0
qtqt
4.7.1
qtqt
4.7.2
qtqt
4.7.3
qtqt
4.7.4
qtqt
4.7.5
qtqt
4.7.6
qtqt
4.8.0
qtqt
4.8.1
qtqt
4.8.2
qtqt
4.8.3
qtqt
4.8.4
qtqt
4.8.5
qtqt
5.0.0
qtqt
5.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt4-x11
quantal
Fixed 4:4.8.3+dfsg-0ubuntu3.1
released
precise
Fixed 4:4.8.1-0ubuntu4.4
released
oneiric
Fixed 4:4.7.4-0ubuntu8.3
released
lucid
Fixed 4:4.6.2-0ubuntu5.6
released
hardy
ignored
Common Weakness Enumeration