CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS
Percentile: 5.1%

The uim developers report:
Takumi ASAKI discovered that uim always trusts environment
variables. But this is not correct behavior; sometimes environment
variables shouldn’t be trusted. This bug causes privilege escalation
when libuim is linked against a setuid/setgid application. Since GTK+
prohibits setuid/setgid applications, the bug appears only in
‘immodule for Qt’ enabled Qt. (Normal Qt is also safe.)
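
The bug class reported above is a library reading its environment while loaded into a process that runs with elevated IDs. The following C helper is an added example, not uim's code or its fix: it ignores the environment when the real and effective IDs differ. EXAMPLE_PLUGIN_DIR, the fallback path and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Nonzero when the process runs setuid/setgid: the real and effective
 * user or group IDs differ, so the invoking user is less privileged
 * than the process and controls its environment. */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* The decision is kept apart from the ID check so both branches can be
 * exercised without installing a setuid binary. */
static const char *env_or_default(const char *name, const char *fallback,
                                  int privileged)
{
    const char *v;

    if (privileged)
        return fallback;          /* never consult the environment */
    v = getenv(name);
    return (v != NULL && *v != '\0') ? v : fallback;
}

/* Helper a library would call instead of getenv() (hypothetical name). */
const char *lib_getenv(const char *name, const char *fallback)
{
    return env_or_default(name, fallback, running_privileged());
}

int main(void)
{
    /* Variable name and path are constructed sample values. */
    puts(lib_getenv("EXAMPLE_PLUGIN_DIR", "/usr/lib/example/plugins"));
    return 0;
}
```

Comparing IDs misses a process that has already changed its IDs after start-up; glibc's secure_getenv() and the BSD issetugid() call cover that case.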