Integer Overflow Vulnerability in GNOME Project G Structured File Library (libgsf) Could Lead to Arbitrary Code Execution
CVE-2024-42415
7.8 HIGH
Key Information:
- Vendor: GNOME Project
- Status
- Libgsf
- Vendor
- CVE Published: 3 October 2024
Summary
Version 1.14.52 of the GNOME Project's G Structured File Library (libgsf) contains an integer overflow vulnerability in its Compound Document Binary File format parser. Processing a specially crafted file can trigger the integer overflow, which leads to a heap-based buffer overflow. An attacker can exploit this by providing a malicious file, which may result in arbitrary code execution. Systems that use this library are at significant risk and warrant immediate attention and mitigation.
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published