An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 | Issue Tracking |
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068 | Technical Description Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2068 |
Configurations
History
21 Nov 2024, 09:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.4 |
09 Oct 2024, 16:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:gnome:libgsf:1.14.52:*:*:*:*:*:*:* | |
First Time |
Gnome
Gnome libgsf |
|
References | () https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 - Issue Tracking | |
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068 - Technical Description, Third Party Advisory |
04 Oct 2024, 13:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-03 16:15
Updated : 2024-11-21 09:22
NVD link : CVE-2024-36474
Mitre link : CVE-2024-36474
CVE.ORG link : CVE-2024-36474
JSON object : View
Products Affected
gnome
- libgsf
CWE
CWE-190
Integer Overflow or Wraparound