Vulnerabilities > CVE-2024-42415 - Unspecified vulnerability in Gnome Libgsf 1.14.52

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gnome

NVD

Published: 2024-10-03

Updated: 2024-11-21

Summary

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome Libgsf 1.14.52	1

References

http://www.openwall.com/lists/oss-security/2024/10/04/3
https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2069