{"id":"CVE-2019-12447","details":"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.","modified":"2026-03-20T11:27:48.939843Z","published":"2019-05-29T17:29:00.290Z","related":["ALSA-2020:1766","MGASA-2019-0214","SUSE-SU-2019:1717-1","openSUSE-SU-2019:1697-1","openSUSE-SU-2019:1699-1","openSUSE-SU-2024:10838-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/09/3"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4053-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gvfs","events":[{"introduced":"8baec79ab9cb2cb86095b071f3a40f7f6a751ef6"},{"last_affected":"769d0b47a88eff3ca14d34346491b2961e17ecd5"}],"database_specific":{"versions":[{"introduced":"1.29.4"},{"last_affected":"1.41.2"}]}},{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gvfs","events":[{"introduced":"0"},{"fixed":"d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"}]}],"versions":["1.10.0","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.12.0","1.12.1","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.13.9","1.14.0","1.15.0","1.15.1","1.15.2","1.15.3","1.15.4","1.16.0","1.17.0","1.17.1","1.17.2","1.17.3","1.17.90","1.18.0","1.18.1","1.18.2","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.19.90","1.20.0","1.21.1","1.21.2","1.21.3","1.21.4","1.21.90","1.21.92","1.22.0","1.23.1","1.23.2","1.23.3","1.23.4","1.23.90","1.23.92","1.24.0","1.25.1","1.25.2","1.25.3","1.25.4","1.25.4.1","1.25.90","1.25.91","1.25.92","1.26.0","1.26.1","1.26.1.1","1.26.2","1.27.3","1.27.4","1.27.90","1.27.91","1.27.92","1.28.0","1.28.1","1.29.1","1.29.2","1.29.3","1.29.4","1.29.90","1.29.91","1.29.92","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.30.0","1.31.1","1.31.2","1.31.3","1.31.4","1.31.90","1.31.91","1.31.92","1.32.0","1.33.1","1.33.3","1.33.90","1.33.91","1.33.92","1.34.0","1.35.1","1.35.2","1.35.3","1.35.4","1.35.90","1.35.91","1.35.92","1.36.0","1.37.1","1.37.2","1.37.4","1.37.90","1.37.91","1.38.0","1.39.1","1.39.3","1.39.4","1.39.90","1.39.91","1.39.92","1.4.0","1.40.0","1.41.1","1.41.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.7.3","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","GVFS_0_0_1","GVFS_0_0_2","GVFS_0_1_0","GVFS_0_1_1","GVFS_0_1_10","GVFS_0_1_11","GVFS_0_1_2","GVFS_0_1_3","GVFS_0_1_4","GVFS_0_1_5","GVFS_0_1_6","GVFS_0_1_7","GVFS_0_1_8","GVFS_0_1_9","GVFS_0_2_0","GVFS_0_2_0_1","GVFS_0_2_1","GVFS_0_2_2","GVFS_0_2_4","GVFS_0_99_1","GVFS_0_99_2","GVFS_0_99_3","GVFS_0_99_4","GVFS_0_99_5","GVFS_0_99_6","GVFS_0_99_7","GVFS_1_1_1","GVFS_1_1_2","GVFS_1_1_3","GVFS_1_1_4","GVFS_1_1_5","GVFS_1_1_6","GVFS_1_1_7","GVFS_1_1_8","GVFS_1_2_1","GVFS_1_2_2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12447.json","vanir_signatures":[{"target":{"file":"daemon/gvfsbackendadmin.c","function":"do_query_info"},"signature_type":"Function","id":"CVE-2019-12447-128da555","source":"https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","digest":{"function_hash":"221129427121838919402311318763590252207","length":543},"deprecated":false,"signature_version":"v1"},{"target":{"file":"daemon/gvfsbackendadmin.c","function":"do_query_info_on_read"},"signature_type":"Function","id":"CVE-2019-12447-2c45386e","source":"https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","digest":{"function_hash":"315758984730309787526684648289640819509","length":399},"deprecated":false,"signature_version":"v1"},{"target":{"file":"daemon/gvfsbackendadmin.c"},"signature_type":"Line","id":"CVE-2019-12447-2f863eae","source":"https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","digest":{"line_hashes":["73916177003641685572968591140627056112","253018699655399886978684173833991900463","32636196277512700844917516674410904213","60225804736163445770261030020149093149","295188651935798861711237930154468362773","336949180031531535903300586715887847111","122733523442005799036535946978199199215","38715005556965058985949591750549156080","190219455231647675840419608914300357934","130958840252877500505001559892379322624","84226649914448015677384007816104284654","298302122726318424865405617214389136455","193864371884430685022515345336037369450","107778891356980170510552533430107576593","140936156180911864638887877595746396694","45125191213936464693370036745465389237","193864371884430685022515345336037369450","107778891356980170510552533430107576593","140936156180911864638887877595746396694","45125191213936464693370036745465389237","193864371884430685022515345336037369450","107778891356980170510552533430107576593","140936156180911864638887877595746396694","199385678116433857180824745464754018949","308700058573000777060027644789832722692","258936626926811761635742473922404076168","298306042285414535072862238550100067832","38621369527279116206907721802346232539","247610009810254618915339530098308913622","276737675418966760951910999472124881363"],"threshold":0.9},"deprecated":false,"signature_version":"v1"},{"target":{"file":"daemon/gvfsbackendadmin.c","function":"do_query_info_on_write"},"signature_type":"Function","id":"CVE-2019-12447-5d0df07e","source":"https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","digest":{"function_hash":"315758984730309787526684648289640819509","length":399},"deprecated":false,"signature_version":"v1"},{"target":{"file":"daemon/gvfsbackendadmin.c","function":"fix_file_info"},"signature_type":"Function","id":"CVE-2019-12447-65afe312","source":"https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","digest":{"function_hash":"102790847050225268433877757460925083898","length":300},"deprecated":false,"signature_version":"v1"},{"target":{"file":"daemon/gvfsbackendadmin.c","function":"acquire_caps"},"signature_type":"Function","id":"CVE-2019-12447-b7af7425","source":"https://gitlab.gnome.org/GNOME/gvfs@d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80","digest":{"function_hash":"320077015584121439858559977796245338654","length":483},"deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}]}