#20463 closed enhancement (fixed)
libgsf-1.14.53
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | high | Milestone: | 12.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (5)
comment:1 by , 6 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 6 months ago
comment:3 by , 6 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at commits
- 80907b72c9 Update to btrfs-progs-v6.11.
- 3ec6feeaa3 Update to libgsf-1.14.53.
- 62516bedb6 Update to Python3-3.12.7.
- 23423eed22 Update to sentry_sdk-2.15.0.
- 229c1690cc Update to xkeyboard-config-2.43.
- 3b199d0d2a Update to hwdata-0.388.
comment:4 by , 6 months ago
Priority: | normal → high |
---|
This one turned out to be a security update. It fixes two vulnerabilities, both of which are integer overflows:
- CVE-2024-42415 and
- CVE-2024-36474
More details on these vulnerabilities can be found here:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069 and https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068
The upstream bug report at GNOME is https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
At least one of the issues is 8.4/10 High, so we'll go with High for this and I'll file an advisory after I'm done reading the rest of my mail.
comment:5 by , 6 months ago
SA-12.2-018 has been issued for this vulnerability.
This one will definitely make it into the email I send out once I'm done with my security tickets. Here's a statement from Red Hat:
This vulnerability should be classified as important severity rather than moderate due to the potential impact of the integer overflow, which can lead to arbitrary code execution. The flaw arises in the core parsing logic of the Compound Document Binary File (CDF) format within libgsf, a widely used library for handling structured file formats. An attacker can exploit this by crafting a malicious file that triggers an out-of-bounds memory write, leading to memory corruption. Since this can result in control over execution flow, the vulnerability opens up the risk for remote code execution in applications that rely on libgsf for file handling, making it more dangerous than a moderate-level issue. Additionally, as CDF formats are used in common file types (e.g., Microsoft Office documents), this vulnerability could easily be weaponized through social engineering attacks such as phishing.
libgsf 1.14.53
Note: The patch is no longer needed.