CVE-2016-1573 MEDIUM

CVE-2016-1573: Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash

Vendor Ubuntu
Product Unity8
Published April 22, 2019
Last update September 16, 2024

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.

Key dates

02Disclosure timeline

April 22, 2019 CVE published
September 16, 2024 Record updated