QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0254

Published: Feb 6, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2013:0404

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2013:0403

vendor-advisory

x_refsource_SUSE

[qt-announce] 20130205 [Announce] [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable

mailing-list

x_refsource_MLIST

openSUSE-SU-2013:0411

vendor-advisory

x_refsource_SUSE

https://bugzilla.redhat.com/show_bug.cgi?id=907425

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.