misc
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.
Exploitability
AV:L
AC:L
Au:N
Impact
C:C
I:C
A:C
7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C