Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2723

Опубликовано: 25 мар. 2025
Источник: redhat
CVSS3: 5.3

Описание

A flaw was found in the GNOME libgsf package, affecting the gsf_property_settings_collec function. Manipulation of the n_alloced_params argument can lead to a heap-based buffer overflow.

Отчет

This CVE has been marked as Rejected by the assigning CNA. The code maintainer explains that "[the] call is invalid [as] the buffer pointed to by "data" must have "len" valid bytes." The documentation was fixed to make that clear.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10libgsfFix deferred
Red Hat Enterprise Linux 6libgsfFix deferred
Red Hat Enterprise Linux 7libgsfFix deferred
Red Hat Enterprise Linux 8libgsfFix deferred
Red Hat Enterprise Linux 9libgsfFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:
CWE-119
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2354668libgsf: GNOME libgsf gsf_property_settings_collec heap-based overflow

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2723

ubuntu
6 месяцев назад

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [as] the buffer pointed to by "data" must have "len" valid bytes." The documentation was fixed to make that clear.

nvd логотип

CVE-2025-2723

nvd
6 месяцев назад

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [as] the buffer pointed to by "data" must have "len" valid bytes." The documentation was fixed to make that clear.

github логотип

GHSA-vx3m-9554-cpqq

CVSS3: 5.3
github
6 месяцев назад

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been rated as critical. This issue affects the function gsf_property_settings_collec. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Attacking locally is a requirement. The vendor was contacted early about this disclosure but did not respond in any way.

fstec логотип

BDU:2025-07134

CVSS3: 5.3
fstec
6 месяцев назад

Уязвимость функции gsf_property_settings_collec библиотеки структурированных файлов The GNOME Project libgsf, позволяющая нарушителю выполнить произвольный код

5.3 Medium

CVSS3