Gtk3: gtk2: library injection from cwd

CVE-2024-6655

7HIGH

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 16 July 2024

Summary

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

Affected Version(s)

Red Hat Enterprise Linux 8 <= 0:3.22.30-12.el8_10

References

https://access.redhat.com/errata/RHSA-2024:6963

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2024-6655

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2297098

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024

Collectors

NVD DatabaseMitre Database

.