{"id":"CVE-2019-12447","details":"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.","modified":"2026-05-18T13:12:16.527453Z","published":"2019-05-29T17:29:00.290Z","related":["ALSA-2020:1766","SUSE-SU-2019:1717-1","openSUSE-SU-2019:1697-1","openSUSE-SU-2019:1699-1","openSUSE-SU-2024:10838-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"canonical:ubuntu_linux","source":"CPE_FIELD","extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"18.10"},{"last_affected":"19.04"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"]},{"vendor_product":"fedoraproject:fedora","source":"CPE_FIELD","extracted_events":[{"last_affected":"29"},{"last_affected":"30"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"]},{"vendor_product":"opensuse:leap","source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0"},{"last_affected":"15.1"}],"cpes":["cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/09/3"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4053-1/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gvfs","events":[{"introduced":"8baec79ab9cb2cb86095b071f3a40f7f6a751ef6"},{"last_affected":"769d0b47a88eff3ca14d34346491b2961e17ecd5"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:gnome:gvfs:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.29.4"},{"last_affected":"1.41.2"}]}}],"versions":["1.41.2","1.41.1","1.40.0","1.39.92","1.39.91","1.39.90","1.39.4","1.39.3","1.39.1","1.38.0","1.37.91","1.37.90","1.37.4","1.37.2","1.37.1","1.36.0","1.35.92","1.35.91","1.35.90","1.35.4","1.35.3","1.35.2","1.35.1","1.34.0","1.33.92","1.33.91","1.33.90","1.33.3","1.33.1","1.32.0","1.31.92","1.31.91","1.31.90","1.31.4","1.31.3","1.31.2","1.31.1","1.30.0","1.29.92","1.29.91","1.29.90","1.29.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12447.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/gnome/gvfs","events":[{"introduced":"0"},{"fixed":"d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"}],"database_specific":{"source":"REFERENCES"}}],"versions":["1.41.2","1.41.1","1.40.0","1.39.92","1.39.91","1.39.90","1.39.4","1.39.3","1.39.1","1.38.0","1.37.91","1.37.90","1.37.4","1.37.2","1.37.1","1.36.0","1.35.92","1.35.91","1.35.90","1.35.4","1.35.3","1.35.2","1.35.1","1.34.0","1.33.92","1.33.91","1.33.90","1.33.3","1.33.1","1.32.0","1.31.92","1.31.91","1.31.90","1.31.4","1.31.3","1.31.2","1.31.1","1.30.0","1.29.92","1.29.91","1.29.90","1.29.4","1.29.3","1.29.2","1.29.1","1.28.1","1.28.0","1.27.92","1.27.91","1.27.90","1.27.4","1.27.3","1.26.2","1.26.1.1","1.26.1","1.26.0","1.25.92","1.25.91","1.25.90","1.25.4.1","1.25.4","1.25.3","1.25.2","1.25.1","1.24.0","1.23.92","1.23.90","1.23.4","1.23.3","1.23.2","1.23.1","1.22.0","1.21.92","1.21.90","1.21.4","1.21.3","1.21.2","1.21.1","1.20.0","1.19.90","1.19.5","1.19.4","1.19.3","1.19.2","1.19.1","1.18.2","1.18.1","1.18.0","1.17.90","1.17.3","1.17.2","1.17.1","1.17.0","1.16.0","1.15.4","1.15.3","1.15.2","1.14.0","1.15.1","1.15.0","1.13.9","1.13.8","1.13.7","1.13.6","1.13.5","1.13.4","1.13.3","1.13.2","1.13.1","1.13.0","1.12.1","1.12.0","1.11.5","1.11.4","1.11.3","1.10.0","1.9.5","1.9.4","1.9.3","1.9.2","1.9.1","1.9.0","1.7.3","1.7.2","1.7.1","1.7.0","1.6.5","1.6.4","1.6.3","1.6.2","1.6.1","1.6.0","1.5.5","1.5.4","1.5.3","1.5.2","1.5.1","1.4.0","1.3.6","1.3.5","1.3.4","1.3.3","1.3.2","1.3.1","GVFS_1_2_2","GVFS_1_2_1","GVFS_1_1_8","GVFS_1_1_7","GVFS_1_1_6","GVFS_1_1_5","GVFS_1_1_4","GVFS_1_1_3","GVFS_1_1_2","GVFS_1_1_1","GVFS_0_99_7","GVFS_0_99_6","GVFS_0_99_5","GVFS_0_99_4","GVFS_0_99_3","GVFS_0_99_2","GVFS_0_99_1","GVFS_0_2_4","GVFS_0_2_2","GVFS_0_2_1","GVFS_0_2_0_1","GVFS_0_2_0","GVFS_0_1_11","GVFS_0_1_10","GVFS_0_1_9","GVFS_0_1_8","GVFS_0_1_7","GVFS_0_1_6","GVFS_0_1_5","GVFS_0_1_4","GVFS_0_1_3","GVFS_0_1_2","GVFS_0_1_1","GVFS_0_1_0","GVFS_0_0_2","GVFS_0_0_1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"CVE-2019-12447-5aa4fbd5","digest":{"function_hash":"320077015584121439858559977796245338654","length":483},"target":{"function":"acquire_caps","file":"daemon/gvfsbackendadmin.c"},"source":"https://gitlab.gnome.org/gnome/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"CVE-2019-12447-6594e110","digest":{"line_hashes":["73916177003641685572968591140627056112","253018699655399886978684173833991900463","32636196277512700844917516674410904213","60225804736163445770261030020149093149","295188651935798861711237930154468362773","336949180031531535903300586715887847111","122733523442005799036535946978199199215","38715005556965058985949591750549156080","190219455231647675840419608914300357934","130958840252877500505001559892379322624","84226649914448015677384007816104284654","298302122726318424865405617214389136455","193864371884430685022515345336037369450","107778891356980170510552533430107576593","140936156180911864638887877595746396694","45125191213936464693370036745465389237","193864371884430685022515345336037369450","107778891356980170510552533430107576593","140936156180911864638887877595746396694","45125191213936464693370036745465389237","193864371884430685022515345336037369450","107778891356980170510552533430107576593","140936156180911864638887877595746396694","199385678116433857180824745464754018949","308700058573000777060027644789832722692","258936626926811761635742473922404076168","298306042285414535072862238550100067832","38621369527279116206907721802346232539","247610009810254618915339530098308913622","276737675418966760951910999472124881363"],"threshold":0.9},"target":{"file":"daemon/gvfsbackendadmin.c"},"source":"https://gitlab.gnome.org/gnome/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"CVE-2019-12447-bb7e6c47","digest":{"function_hash":"221129427121838919402311318763590252207","length":543},"target":{"function":"do_query_info","file":"daemon/gvfsbackendadmin.c"},"source":"https://gitlab.gnome.org/gnome/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"CVE-2019-12447-c7d919f4","digest":{"function_hash":"102790847050225268433877757460925083898","length":300},"target":{"function":"fix_file_info","file":"daemon/gvfsbackendadmin.c"},"source":"https://gitlab.gnome.org/gnome/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"CVE-2019-12447-caa3c2f6","digest":{"function_hash":"315758984730309787526684648289640819509","length":399},"target":{"function":"do_query_info_on_read","file":"daemon/gvfsbackendadmin.c"},"source":"https://gitlab.gnome.org/gnome/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"CVE-2019-12447-f9a4f056","digest":{"function_hash":"315758984730309787526684648289640819509","length":399},"target":{"function":"do_query_info_on_write","file":"daemon/gvfsbackendadmin.c"},"source":"https://gitlab.gnome.org/gnome/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12447.json","vanir_signatures_modified":"2026-05-18T13:12:16Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}]}