Gtk3: gtk2: library injection from cwd
CVE-2024-6655

7HIGH

Key Information:

Status
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 10
Vendor
CVE Published:
16 July 2024

What is CVE-2024-6655?

A significant flaw has been identified within the GTK library, allowing an attacker to potentially inject a malicious library into a GTK application through manipulation of the current working directory. This vulnerability arises under specific conditions where the library path can be controlled, leading to possible exploitation of applications that utilize GTK for their graphical user interface. It poses risks to application integrity and could be exploited to execute arbitrary code in the context of the affected application. Mitigation and updates from vendors are essential to secure systems against this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2024:6963
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:9184
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-6655
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.