{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36474", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-08-23T16:04:24.689Z", "datePublished": "2024-10-03T15:24:46.204Z", "dateUpdated": "2024-10-03T17:20:03.996Z"}, "containers": {"cna": {"affected": [{"vendor": "GNOME Project", "product": "G Structured File Library (libgsf)", "versions": [{"version": "1.14.52", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE", "cweId": "CWE-190"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-10-03T15:24:46.204Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068"}, {"url": "https://gitlab.gnome.org/GNOME/libgsf/-/issues/34", "name": "https://gitlab.gnome.org/GNOME/libgsf/-/issues/34"}], "credits": [{"lang": "en", "value": "Discovered by a member of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2068"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-03T17:02:46.872Z"}}, {"affected": [{"vendor": "gnome", "product": "libgsf", "cpes": ["cpe:2.3:a:gnome:libgsf:1.14.52:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.14.52", "status": "affected"}]}, {"vendor": "gnome", "product": "libgsf", "cpes": ["cpe:2.3:a:gnome:libgsf:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "commit_634340d31177c02ccdb43171e37291948e7f8974", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T17:10:06.324659Z", "id": "CVE-2024-36474", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:20:03.996Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2068"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-03T17:02:46.872Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36474", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-03T17:10:06.324659Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gnome:libgsf:1.14.52:*:*:*:*:*:*:*"], "vendor": "gnome", "product": "libgsf", "versions": [{"status": "affected", "version": "1.14.52"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:gnome:libgsf:*:*:*:*:*:*:*:*"], "vendor": "gnome", "product": "libgsf", "versions": [{"status": "affected", "version": "commit_634340d31177c02ccdb43171e37291948e7f8974"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:19:27.151Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by a member of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "GNOME Project", "product": "G Structured File Library (libgsf)", "versions": [{"status": "affected", "version": "1.14.52"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068"}, {"url": "https://gitlab.gnome.org/GNOME/libgsf/-/issues/34", "name": "https://gitlab.gnome.org/GNOME/libgsf/-/issues/34"}], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-10-03T15:24:46.204Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36474", "state": "PUBLISHED", "dateUpdated": "2024-10-03T17:20:03.996Z", "dateReserved": "2024-08-23T16:04:24.689Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-10-03T15:24:46.204Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:libgsf:1.14.52:*:*:*:*:*:*:*", "matchCriteriaId": "8F1D11AD-C49A-473B-A1F7-7FDC04493B1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de n\u00fameros enteros en el analizador de formato de archivo binario de documento compuesto de GNOME Project G Structured File Library (libgsf), versi\u00f3n v1.14.52. Un archivo especialmente manipulado puede provocar un desbordamiento de n\u00fameros enteros al procesar el directorio desde el archivo que permite que se utilice un \u00edndice fuera de los l\u00edmites al leer y escribir en una matriz. Esto puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para activar esta vulnerabilidad."}], "id": "CVE-2024-36474", "lastModified": "2024-10-09T16:37:55.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2024-10-03T16:15:05.010", "references": [{"source": "talos-cna@cisco.com", "tags": ["Issue Tracking"], "url": "https://gitlab.gnome.org/GNOME/libgsf/-/issues/34"}, {"source": "talos-cna@cisco.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"bugzilla": {"description": "libgsf: Compound Document Binary File Directory integer overflow vulnerability", "id": "2316311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316311"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow when processing the directory from the file, allowing an out-of-bounds index to be used when reading and writing to an array. This issue can lead to arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-36474", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libgsf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libgsf", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libgsf", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-03T15:24:46Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36474\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36474\nhttps://gitlab.gnome.org/GNOME/libgsf/-/issues/34\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2024-2068"], "statement": "This vulnerability should be classified as important severity rather than moderate due to the potential impact of the integer overflow, which can lead to arbitrary code execution. The flaw arises in the core parsing logic of the Compound Document Binary File (CDF) format within libgsf, a widely used library for handling structured file formats. An attacker can exploit this by crafting a malicious file that triggers an out-of-bounds memory write, leading to memory corruption. Since this can result in control over execution flow, the vulnerability opens up the risk for remote code execution in applications that rely on libgsf for file handling, making it more dangerous than a moderate-level issue. Additionally, as CDF formats are used in common file types (e.g., Microsoft Office documents), this vulnerability could easily be weaponized through social engineering attacks such as phishing.", "threat_severity": "Important"}