admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-36474.md

18 lines
1.0 KiB
Markdown
Raw Normal View History

Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### [CVE-2024-36474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36474)
![](https://img.shields.io/static/v1?label=Product&message=G%20Structured%20File%20Library%20(libgsf)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.14.52%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
### Description
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
### POC
#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink