The library that does this is DisplayDoc, a library that you LD_PRELOAD in a process you want to debug, and it opens a socket that the rest of the program connects to, enabling you to debug the graphics stack. Sure it's not exactly best practices but it's not entirely unreasonable for this library to do this. They've since patched the various bugs that qualys discovered.
Oh, it's absolutely not the library's fault; nobody could reasonably have expected that "random privileged code is going to dlopen your library at random times" was part of the threat model.
The library that does this is DisplayDoc, a library that you LD_PRELOAD in a process you want to debug, and it opens a socket that the rest of the program connects to, enabling you to debug the graphics stack. Sure it's not exactly best practices but it's not entirely unreasonable for this library to do this. They've since patched the various bugs that qualys discovered.