PT-2024-7266 · Gnome+6 · Libgsf+6

A Member · Published 2024-09-03 · Updated 2024-11-23 · CVE-2024-36474

CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GNOME Project G Structured File Library (libgsf) version v1.14.52
Description: An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow when processing the directory from the file, allowing for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Recommendations: For GNOME Project G Structured File Library (libgsf) version v1.14.52, update to a version that fixes the integer overflow vulnerability in the Compound Document Binary File format parser. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15101
AZL-50064
AZL-50097
BDU:2024-08615
CVE-2024-36474
DLA-3911-1
DSA-5786-1
MGASA-2024-0337
OESA-2024-2221
OPENSUSE-SU-2024_3920-1
OPENSUSE-SU-2024_3922-1
SUSE-SU-2024:3770-1
SUSE-SU-2024:3920-1
SUSE-SU-2024:3921-1
SUSE-SU-2024:3922-1
SUSE-SU-2024_3920-1
SUSE-SU-2024_3921-1
SUSE-SU-2024_3922-1
USN-7062-1
USN-7062-2

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Suse
Ubuntu
Libgsf