CVE-2012-4425 in FreeDesktop and Gtk Products
Published on September 18, 2012
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
Products Associated with CVE-2012-4425
stack.watch emails you whenever new vulnerabilities are published in FreeDesktop Spice Gtk or Gtk Libgio.
Exploit Probability
EPSS: 0.52%
Percentile: 66.32%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.