Your submission was sent successfully! Close

CVE-2013-0254

Published: 6 February 2013

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

Priority

Medium

Status

Package Release Status
qt4-x11
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (4:4.6.2-0ubuntu5.6)
oneiric
Released (4:4.7.4-0ubuntu8.3)
precise
Released (4:4.8.1-0ubuntu4.4)
quantal
Released (4:4.8.3+dfsg-0ubuntu3.1)
upstream Needed