VDB

CVE-2012-4425

CVE-2012-4425 PUBLISHED CVSS 6.900000095367432 MEDIUM

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.

EPSS 0.55% · 68.5th percentile

Risk Scores

CVSS 2.0
6.900000095367432
EPSS Score
0.55%
68.5th percentile

Affected Products

VendorProductVersions
freedesktopspice-gtk
gtklibgio
n/an/a*

Timeline

  • Sep 18, 2012 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 3, 2023 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Feb 13, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›