CVE-2019-12447

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-12447

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12447.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-12447

Downstream

DEBIAN-CVE-2019-12447

RHSA-2020:1766

SUSE-SU-2019:1717-1

UBUNTU-CVE-2019-12447

USN-4053-1

openSUSE-SU-2019:1697-1

openSUSE-SU-2019:1699-1

openSUSE-SU-2024:10838-1

Related

Published

2019-05-29T17:29:00Z

Modified

2025-09-19T10:26:43.579907Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

References

Affected packages

Alpine:v3.7 / gvfs

Package

Name: gvfs
Purl: pkg:apk/alpine/gvfs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.34.1-r1

Affected versions

1.*

1.6.6-r0

1.6.6-r1

1.6.6-r2

1.6.6-r3

1.7.2-r0

1.7.2-r1

1.8.1-r0

1.8.2-r0

1.8.2-r1

1.9.0-r0

1.9.0-r1

1.9.1-r0

1.9.1-r1

1.9.1-r2

1.9.1-r4

1.9.2-r0

1.12.3-r0

1.14.0-r0

1.14.0-r1

1.14.2-r0

1.16.0-r0

1.16.1-r0

1.16.2-r0

1.16.3-r0

1.18.2-r0

1.18.3-r0

1.18.3-r1

1.20.0-r0

1.20.1-r0

1.20.2-r0

1.22.1-r0

1.22.1-r1

1.22.2-r0

1.22.2-r1

1.22.2-r2

1.22.3-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.26.2-r0

1.26.3-r0

1.28.1-r0

1.28.2-r0

1.28.3-r0

1.30.0-r0

1.30.1-r0

1.30.3-r0

1.32.1-r0

1.33.3-r0

1.33.92-r0

1.34.1-r0

Alpine:v3.8 / gvfs

Package

Name: gvfs
Purl: pkg:apk/alpine/gvfs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.36.1-r1

Affected versions

1.*

1.6.6-r0

1.6.6-r1

1.6.6-r2

1.6.6-r3

1.7.2-r0

1.7.2-r1

1.8.1-r0

1.8.2-r0

1.8.2-r1

1.9.0-r0

1.9.0-r1

1.9.1-r0

1.9.1-r1

1.9.1-r2

1.9.1-r4

1.9.2-r0

1.12.3-r0

1.14.0-r0

1.14.0-r1

1.14.2-r0

1.16.0-r0

1.16.1-r0

1.16.2-r0

1.16.3-r0

1.18.2-r0

1.18.3-r0

1.18.3-r1

1.20.0-r0

1.20.1-r0

1.20.2-r0

1.22.1-r0

1.22.1-r1

1.22.2-r0

1.22.2-r1

1.22.2-r2

1.22.3-r0

1.24.1-r0

1.24.1-r1

1.24.2-r0

1.26.2-r0

1.26.3-r0

1.28.1-r0

1.28.2-r0

1.28.3-r0

1.30.0-r0

1.30.1-r0

1.30.3-r0

1.32.1-r0

1.33.3-r0

1.33.92-r0

1.34.1-r0

1.34.1-r1

1.36.1-r0

Git / github.com/gnome/gvfs

Affected ranges

Type: GIT
Repo: https://github.com/gnome/gvfs
Events: Introduced

8baec79ab9cb2cb86095b071f3a40f7f6a751ef6

Last affected

769d0b47a88eff3ca14d34346491b2961e17ecd5

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/gvfs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80

Affected versions

1.*

1.10.0

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.12.0

1.12.1

1.13.0

1.13.1

1.13.2

1.13.3

1.13.4

1.13.5

1.13.6

1.13.7

1.13.8

1.13.9

1.14.0

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.16.0

1.17.0

1.17.1

1.17.2

1.17.3

1.17.90

1.18.0

1.18.1

1.18.2

1.19.1

1.19.2

1.19.3

1.19.4

1.19.5

1.19.90

1.20.0

1.21.1

1.21.2

1.21.3

1.21.4

1.21.90

1.21.92

1.22.0

1.23.1

1.23.2

1.23.3

1.23.4

1.23.90

1.23.92

1.24.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.4.1

1.25.90

1.25.91

1.25.92

1.26.0

1.26.1

1.26.1.1

1.26.2

1.27.3

1.27.4

1.27.90

1.27.91

1.27.92

1.28.0

1.28.1

1.29.1

1.29.2

1.29.3

1.29.4

1.29.90

1.29.91

1.29.92

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.30.0

1.31.1

1.31.2

1.31.3

1.31.4

1.31.90

1.31.91

1.31.92

1.32.0

1.33.1

1.33.3

1.33.90

1.33.91

1.33.92

1.34.0

1.35.1

1.35.2

1.35.3

1.35.4

1.35.90

1.35.91

1.35.92

1.36.0

1.37.1

1.37.2

1.37.4

1.37.90

1.37.91

1.38.0

1.39.1

1.39.3

1.39.4

1.39.90

1.39.91

1.39.92

1.4.0

1.40.0

1.41.1

1.41.2

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.7.0

1.7.1

1.7.2

1.7.3

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

Other

GVFS_0_0_1

GVFS_0_0_2

GVFS_0_1_0

GVFS_0_1_1

GVFS_0_1_10

GVFS_0_1_11

GVFS_0_1_2

GVFS_0_1_3

GVFS_0_1_4

GVFS_0_1_5

GVFS_0_1_6

GVFS_0_1_7

GVFS_0_1_8

GVFS_0_1_9

GVFS_0_2_0

GVFS_0_2_0_1

GVFS_0_2_1

GVFS_0_2_2

GVFS_0_2_4

GVFS_0_99_1

GVFS_0_99_2

GVFS_0_99_3

GVFS_0_99_4

GVFS_0_99_5

GVFS_0_99_6

GVFS_0_99_7

GVFS_1_1_1

GVFS_1_1_2

GVFS_1_1_3

GVFS_1_1_4

GVFS_1_1_5

GVFS_1_1_6

GVFS_1_1_7

GVFS_1_1_8

GVFS_1_2_1

GVFS_1_2_2

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-12447-128da555",
            "signature_type": "Function",
            "digest": {
                "function_hash": "221129427121838919402311318763590252207",
                "length": 543.0
            },
            "target": {
                "file": "daemon/gvfsbackendadmin.c",
                "function": "do_query_info"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
        },
        {
            "id": "CVE-2019-12447-2c45386e",
            "signature_type": "Function",
            "digest": {
                "function_hash": "315758984730309787526684648289640819509",
                "length": 399.0
            },
            "target": {
                "file": "daemon/gvfsbackendadmin.c",
                "function": "do_query_info_on_read"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
        },
        {
            "id": "CVE-2019-12447-2f863eae",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "73916177003641685572968591140627056112",
                    "253018699655399886978684173833991900463",
                    "32636196277512700844917516674410904213",
                    "60225804736163445770261030020149093149",
                    "295188651935798861711237930154468362773",
                    "336949180031531535903300586715887847111",
                    "122733523442005799036535946978199199215",
                    "38715005556965058985949591750549156080",
                    "190219455231647675840419608914300357934",
                    "130958840252877500505001559892379322624",
                    "84226649914448015677384007816104284654",
                    "298302122726318424865405617214389136455",
                    "193864371884430685022515345336037369450",
                    "107778891356980170510552533430107576593",
                    "140936156180911864638887877595746396694",
                    "45125191213936464693370036745465389237",
                    "193864371884430685022515345336037369450",
                    "107778891356980170510552533430107576593",
                    "140936156180911864638887877595746396694",
                    "45125191213936464693370036745465389237",
                    "193864371884430685022515345336037369450",
                    "107778891356980170510552533430107576593",
                    "140936156180911864638887877595746396694",
                    "199385678116433857180824745464754018949",
                    "308700058573000777060027644789832722692",
                    "258936626926811761635742473922404076168",
                    "298306042285414535072862238550100067832",
                    "38621369527279116206907721802346232539",
                    "247610009810254618915339530098308913622",
                    "276737675418966760951910999472124881363"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "daemon/gvfsbackendadmin.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
        },
        {
            "id": "CVE-2019-12447-5d0df07e",
            "signature_type": "Function",
            "digest": {
                "function_hash": "315758984730309787526684648289640819509",
                "length": 399.0
            },
            "target": {
                "file": "daemon/gvfsbackendadmin.c",
                "function": "do_query_info_on_write"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
        },
        {
            "id": "CVE-2019-12447-65afe312",
            "signature_type": "Function",
            "digest": {
                "function_hash": "102790847050225268433877757460925083898",
                "length": 300.0
            },
            "target": {
                "file": "daemon/gvfsbackendadmin.c",
                "function": "fix_file_info"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
        },
        {
            "id": "CVE-2019-12447-b7af7425",
            "signature_type": "Function",
            "digest": {
                "function_hash": "320077015584121439858559977796245338654",
                "length": 483.0
            },
            "target": {
                "file": "daemon/gvfsbackendadmin.c",
                "function": "acquire_caps"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
        }
    ]
}