An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 | Issue Tracking |
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069 | Technical Description Third Party Advisory |
http://www.openwall.com/lists/oss-security/2024/10/04/3 | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2069 |
Configurations
History
21 Nov 2024, 09:34
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.4 |
09 Oct 2024, 16:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnome:libgsf:1.14.52:*:*:*:*:*:*:* | |
References | () https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 - Issue Tracking | |
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069 - Technical Description, Third Party Advisory | |
First Time |
Gnome
Gnome libgsf |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
04 Oct 2024, 13:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-03 16:15
Updated : 2024-11-21 09:34
NVD link : CVE-2024-42415
Mitre link : CVE-2024-42415
CVE.ORG link : CVE-2024-42415
JSON object : View
Products Affected
gnome
- libgsf
CWE
CWE-190
Integer Overflow or Wraparound