ubuntu · CVE-2012-4425

Quick triage

Priority: low Published: 2012-09-18 17:55:00 UTC Updated: 2025-08-04 19:24:15 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-4425 low priority: Ubuntu including 2 source packages (glib2.0, spice-gtk), 48 status rows across 24 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hardy, hirsute, lucid, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 35, ignored 6, DNE 5, needs-triage 1, released 1.

Description:

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.

cvelogic Threat Intelligence