cve/2024/CVE-2024-42415.md

### [CVE-2024-42415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42415)
![](https://img.shields.io/static/v1?label=Product&message=G%20Structured%20File%20Library%20(libgsf)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.14.52%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=commit_634340d31177c02ccdb43171e37291948e7f8974%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brightgreen)

### Description

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2069

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds