exploitDog

CVE-2025-2724

Published: 25 Mar 2025
Source: redhat
CVSS3: 3.3

Description

A flaw was found in the libgsf package, affecting the sorting_key_copy function. It is possible to launch the attack on the local host, and manipulation of the Name argument can lead to out-of-bounds read.

Report

This CVE has been marked as Rejected by the assigning CNA. The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sorting_key_new which adds that extra zero element".

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | libgsf | Fix deferred | | |
| Red Hat Enterprise Linux 6 | libgsf | Fix deferred | | |
| Red Hat Enterprise Linux 7 | libgsf | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libgsf | Fix deferred | | |
| Red Hat Enterprise Linux 9 | libgsf | Fix deferred | | |

Additional information

Defect: CWE-119
Defect: CWE-125
libgsf: GNOME libgsf sorting_key_copy out-of-bounds
https://bugzilla.redhat.com/show_bug.cgi?id=2354667

3.3 Low

CVSS3

Related vulnerabilities

ubuntu
6 months ago

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sorting_key_new which adds that extra zero element".

nvd
6 months ago

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sorting_key_new which adds that extra zero element".

CVSS3: 3.3
github
6 months ago

A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 3.3
fstec
6 months ago

Vulnerability in the sorting_key_copy function of The GNOME Project's libgsf structured file library that allows an attacker to affect the confidentiality of protected information
