MGASA-2024-0337

Source
https://advisories.mageia.org/MGASA-2024-0337.html
Import Source
https://advisories.mageia.org/MGASA-2024-0337.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2024-0337
Published
2024-10-27T02:37:06Z
Modified
2024-10-27T01:48:00Z
Summary
Updated libgsf packages fix security vulnerabilities
Details

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-36474)

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-42415)

Affected packages

Mageia:9 / libgsf

Package

Name
libgsf
Purl
pkg:rpm/mageia/libgsf?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.14.50-1.1.mga9

Ecosystem specific

{
    "section": "core"
}