Bug#1084056: libgsf: CVE-2024-36474 CVE-2024-42415

Source: libgsf
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for libgsf.

CVE-2024-36474[0]:
| An integer overflow vulnerability exists in the Compound Document
| Binary File format parser of the GNOME Project G Structured File
| Library (libgsf) version v1.14.52. A specially crafted file can
| result in an integer overflow when processing the directory from the
| file that allows for an out-of-bounds index to be used when reading
| and writing to an array. This can lead to arbitrary code execution.
| An attacker can provide a malicious file to trigger this
| vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068

CVE-2024-42415[1]:
| An integer overflow vulnerability exists in the Compound Document
| Binary File format parser of v1.14.52 of the GNOME Project G
| Structured File Library (libgsf). A specially crafted file can
| result in an integer overflow that allows for a heap-based buffer
| overflow when processing the sector allocation table. This can lead
| to arbitrary code execution. An attacker can provide a malicious
| file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069

Both are tracked/fixed upstream via:
https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-36474
    https://www.cve.org/CVERecord?id=CVE-2024-36474
[1] https://security-tracker.debian.org/tracker/CVE-2024-42415
    https://www.cve.org/CVERecord?id=CVE-2024-42415

Please adjust the affected versions in the BTS as needed.

Read more here: Source link