Gtk3: gtk2: library injection from cwd

CVE-2024-6655

7HIGH

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 16 July 2024

Summary

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

Affected Version(s)

Red Hat Enterprise Linux 8 <= 0:3.22.30-12.el8_10

CVSS V3.1

Score:

7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: null to: 7 - (HIGH)
Sep 9, 2024
Vulnerability published.
Jul 16, 2024
Reported to Red Hat.
Jul 10, 2024

Collectors

NVD DatabaseMitre Database

.