NULL Pointer Dereference in GNOME Nautilus Product
CVE-2022-37290

5.5MEDIUM

Key Information:

Vendor: Gnome
Status: Nautilus
Vendor: CVE Published:; 14 November 2022

Summary

A vulnerability in GNOME Nautilus version 42.2 allows for a NULL pointer dereference when a user pastes a ZIP archive into the application. This flaw can cause the application to crash unexpectedly, potentially disrupting user workflows and data access. Users are advised to avoid pasting malicious ZIP files and to keep their software updated to mitigate risks associated with this issue.

References

https://gitlab.gnome.org/GNOME/nautilus/-/tree/master

https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376

https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2022
Vulnerability Reserved
Aug 1, 2022