Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash
CVE-2016-1573

4.8MEDIUM

Key Information:

Vendor: Ubuntu
Status: Unity8
Vendor: CVE Published:; 22 April 2019

What is CVE-2016-1573?

Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.

Affected Version(s)

Unity8 < 8.11+16.04.20160122-0ubuntu1

References

https://bazaar.launchpad.net/~unity-team/unity8/stable/re...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2019
Vulnerability Reserved
Jan 12, 2016

Ubuntu

What is CVE-2016-1573?

Affected Version(s)

References

CVSS V3.1

Timeline