Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.06%
Published
2005-10-05
Updated
2011-03-08
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-02-21
Updated
2008-09-10
2 vulnerabilities found