Vulnerability Description
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
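A defender-side check for the weakness described above, as an added example that is not part of the original advisory or of Qt: it scans a System V shared memory table for segments whose mode grants read or write access to other local users. It assumes the segments are System V segments on Linux, listed in the `/proc/sysvipc/shm` layout. The sample rows are constructed and `audit_segments` is a hypothetical name.

```python
"""Audit System V shared memory segments for world-accessible permissions."""
import stat

# Constructed sample in the column layout of Linux /proc/sysvipc/shm
# (trailing time/rss/swap columns omitted). The perms column is octal.
SAMPLE = """\
       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid
         0      32768   600     524288  2101  2140      2  1000  1000  1000  1000
1359020033      32769   666    1228800  2230  1180      2  1000  1000  1000  1000
         0      32770  1644      65536  2301  2301      1  1001  1001  1001  1001
"""


def audit_segments(table):
    """Return one finding per segment whose mode grants access to 'other'."""
    lines = [ln for ln in table.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    findings = []
    for line in lines[1:]:
        row = dict(zip(header, line.split()))
        # Upper bits carry SHM_DEST / SHM_LOCKED flags; keep only the rwx bits.
        mode = int(row["perms"], 8) & 0o777
        issues = []
        if mode & stat.S_IROTH:
            issues.append("world-readable")
        if mode & stat.S_IWOTH:
            issues.append("world-writable")
        if issues:
            findings.append({"shmid": int(row["shmid"]), "uid": int(row["uid"]),
                             "mode": format(mode, "03o"), "issues": issues})
    return findings


if __name__ == "__main__":
    # Audit the live table when it exists, otherwise the constructed sample.
    try:
        with open("/proc/sysvipc/shm") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE
    for f in audit_segments(table):
        print(f"shmid={f['shmid']} uid={f['uid']} mode={f['mode']} "
              f"{', '.join(f['issues'])}")
```

A segment created with mode 600 produces no finding, while 666 is reported as both world-readable and world-writable.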
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qt | Qt | 1.41 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html
- http://lists.qt-project.org/pipermail/announce/2013-February/000023.html (Patch, Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0669.html
- https://bugzilla.redhat.com/show_bug.cgi?id=907425
FAQ
What is CVE-2013-0254?
CVE-2013-0254 is a vulnerability with a CVSS score of 3.6 (LOW). The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, wh...
How severe is CVE-2013-0254?
CVE-2013-0254 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0254?
Check the references section above for vendor advisories and patch information. Affected products include: Qt Qt.