3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
5.1%
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before
4.7.6, and other versions including 4.4.0 uses weak permissions
(world-readable and world-writable) for shared memory segments, which
allows local users to read sensitive information or modify critical program
data, as demonstrated by reading a pixmap being sent to an X server.
Author | Note |
---|---|
seth-arnold | “forthcoming 4.8.5, and the 4.7.6 [releases]” |