PT-2024-5734 · Gtk+10 · Gtk+10

Pedro Sampaio · Published 2024-06-15 · Updated 2025-06-18 · CVE-2024-6655

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GTK versions prior to the fixed version

Description

A flaw was found in the GTK library, allowing for library injection from the current working directory under certain conditions. This could potentially enable an attacker to elevate their privileges. The issue is related to incorrect code generation management.

Recommendations

For GTK versions prior to the fixed version, consider restricting access to the current working directory to minimize the risk of library injection until a patch is available. As a temporary workaround, avoid using the vulnerable library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Weakness Enumeration

Related Identifiers

ALSA-2024:6963
ALSA-2024:9184
ALT-PU-2024-16477
ALT-PU-2024-9862
AZL-43377
AZL-43381
AZL-43384
AZL-43387
BDU:2024-06447
CESA-2024_6963
CVE-2024-6655
INFSA-2024_6963
INFSA-2024_9184
MGASA-2024-0312
OESA-2024-1886
OESA-2024-1892
OPENSUSE-SU-2024:14124-1
OPENSUSE-SU-2024:14191-1
OPENSUSE-SU-2024_2633-1
OPENSUSE-SU-2025_0031-1
RHSA-2024:6963
RHSA-2024:9184
RHSA-2024_6963
RHSA-2024_9184
RLSA-2024:6963
RLSA-2024:9184
SUSE-SU-2024:2611-1
SUSE-SU-2024:2612-1
SUSE-SU-2024:2633-1
SUSE-SU-2024:2634-1
SUSE-SU-2024:2660-1
SUSE-SU-2024:2661-1
SUSE-SU-2024:2897-1
SUSE-SU-2024:2898-1
SUSE-SU-2024_2611-1
SUSE-SU-2024_2612-1
SUSE-SU-2024_2633-1
SUSE-SU-2024_2634-1
SUSE-SU-2024_2660-1
SUSE-SU-2024_2661-1
SUSE-SU-2024_2897-1
SUSE-SU-2024_2898-1
SUSE-SU-2025:0031-1
SUSE-SU-2025:20052-1
SUSE-SU-2025_0031-1
USN-6899-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Gtk
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu