Products
GNOME Structured File Library (libgsf)
- 1.14.52
Source
talos-cna@cisco.com
Tags
CVE-2024-42415 details
Published : Oct. 3, 2024, 4:15 p.m.
Last Modified : Oct. 3, 2024, 4:15 p.m.
Last Modified : Oct. 3, 2024, 4:15 p.m.
Description
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.4 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-190 | Integer Overflow or Wraparound | The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.4
Exploitability Score
2.5
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 | talos-cna@cisco.com |
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069 | talos-cna@cisco.com |
This website uses the NVD API, but is not approved or certified by it.