CVE-2025-2722

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions GNOME libgsf versions up to 1.14.53

Description A critical issue affects the function gsf prop settings collect va due to the manipulation of the argument n alloced params, leading to a heap-based buffer overflow. This issue requires local access to exploit. The vendor was contacted about this disclosure but did not respond.

Recommendations For GNOME libgsf versions up to 1.14.53, consider restricting access to the gsf prop settings collect va function until a patch is available. As a temporary workaround, avoid manipulating the n alloced params argument to minimize the risk of exploitation.

Fix

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-119

Related Identifiers

CVE-2025-2722

Affected Products

Debian

Gnome Libgsf

CVE-2025-2722

Weakness Enumeration

Related Identifiers

Affected Products

References · 15