Denial of Service Vulnerability in Oxide-Qt by Canonical
CVE-2015-1332

8.8HIGH

Key Information:

Vendor

Canonical

Status
Ubuntu Linux
Vendor
CVE Published:
25 July 2017

What is CVE-2015-1332?

The Oxide-Qt framework, prior to version 1.9.1, contains a vulnerability in the JavaScriptDialogManager function that can be exploited by remote attackers. By crafting a malicious website, attackers may trigger a denial of service, leading to an application crash, or potentially execute arbitrary code on the affected systems. This vulnerability highlights the need for users to update their Oxide-Qt installations to the latest version to mitigate risks.

References

http://people.canonical.com/~ubuntu-security/cve/2015/CVE...
x_refsource_CONFIRM
https://launchpad.net/ubuntu/+source/oxide-qt/1.9.1-0ubun...
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2735-1
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.