{"id":"CVE-2019-12450","details":"file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.","modified":"2026-04-15T23:59:51.588499639Z","published":"2019-05-29T17:29:00.413Z","related":["SUSE-SU-2019:14102-1","SUSE-SU-2019:1594-1","SUSE-SU-2019:1596-1","SUSE-SU-2019:1722-1","openSUSE-SU-2019:1650-1","openSUSE-SU-2024:10791-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"12.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"16.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"18.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"18.10"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"19.04"}],"cpe":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"30"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0"}],"cpe":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.1"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.2"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.4"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.6"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.2"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.4"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.6"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.2"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.4"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.6"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3530"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190606-0003/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4014-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4014-2/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/glib","events":[{"introduced":"0"},{"last_affected":"e10eff122cbfbc1285dc3ebcae1f07182da36587"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"2.15.0"},{"last_affected":"2.61.1"}],"cpe":"cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*"}}],"versions":["2.20.0","2.20.1","2.21.1","2.21.2","2.21.3","2.21.4","2.21.5","2.21.6","2.22.0","2.22.2","2.23.0","2.23.1","2.23.2","2.23.3","2.23.4","2.23.5","2.23.6","2.24.0","2.25.0","2.25.10","2.25.11","2.25.12","2.25.13","2.25.14","2.25.15","2.25.2","2.25.3","2.25.4","2.25.5","2.25.6","2.25.8","2.25.9","2.27.0","2.27.1","2.27.2","2.27.3","2.27.5","2.27.90","2.27.91","2.27.92","2.27.93","2.28.0","2.29.10","2.29.12","2.29.14","2.29.16","2.29.18","2.29.4","2.29.6","2.29.8","2.29.90","2.31.0","2.31.10","2.31.12","2.31.14","2.31.16","2.31.18","2.31.2","2.31.20","2.31.22","2.31.4","2.31.6","2.31.8","2.32.0","2.32.1","2.33.1","2.33.10","2.33.12","2.33.14","2.33.2","2.33.3","2.33.4","2.33.6","2.33.8","2.34.0","2.35.1","2.35.2","2.35.3","2.35.4","2.35.6","2.35.7","2.35.8","2.35.9","2.36.0","2.37.0","2.37.1","2.37.2","2.37.3","2.37.4","2.37.5","2.37.6","2.37.7","2.37.92","2.37.93","2.38.0","2.39.0","2.39.1","2.39.2","2.39.3","2.39.4","2.39.90","2.39.91","2.39.92","2.41.1","2.41.2","2.41.3","2.41.4","2.41.5","2.42.0","2.43.0","2.43.1","2.43.2","2.43.3","2.43.4","2.43.90","2.43.91","2.43.92","2.45.1","2.45.2","2.45.3","2.45.4","2.45.5","2.45.6","2.45.7","2.45.8","2.46.0","2.47.1","2.47.2","2.47.3","2.47.4","2.47.5","2.47.6","2.47.92","2.48.0","2.49.1","2.49.2","2.49.3","2.49.4","2.49.5","2.49.6","2.49.7","2.50.0","2.50.1","2.51.0","2.51.1","2.51.2","2.51.3","2.51.4","2.51.5","2.52.0","2.53.1","2.53.2","2.53.3","2.53.4","2.53.5","2.53.6","2.53.7","2.54.0","2.55.0","2.55.1","2.56.0","2.57.1","2.57.2","2.57.3","2.58.0","2.59.0","2.59.1","2.59.2","2.59.3","2.60.0","2.61.0","2.61.1","FOR_GNOME_0_99_1","GLIB_1_1_0","GLIB_1_1_1","GLIB_1_1_10","GLIB_1_1_11","GLIB_1_1_12","GLIB_1_1_13","GLIB_1_1_14","GLIB_1_1_15","GLIB_1_1_16","GLIB_1_1_2","GLIB_1_1_3","GLIB_1_1_3a","GLIB_1_1_4","GLIB_1_1_5","GLIB_1_1_6","GLIB_1_1_7","GLIB_1_1_8","GLIB_1_1_8a","GLIB_1_1_9","GLIB_1_2_0","GLIB_1_2_9PRE1","GLIB_1_3_0","GLIB_1_3_1","GLIB_1_3_10","GLIB_1_3_11","GLIB_1_3_12","GLIB_1_3_13","GLIB_1_3_14","GLIB_1_3_15","GLIB_1_3_2","GLIB_1_3_3","GLIB_1_3_4","GLIB_1_3_5","GLIB_1_3_6","GLIB_1_3_7","GLIB_1_3_8","GLIB_1_3_9","GLIB_2_0_0","GLIB_2_0_0_RC1","GLIB_2_0_1","GLIB_2_10_0","GLIB_2_10_1","GLIB_2_11_0","GLIB_2_11_1","GLIB_2_11_2","GLIB_2_11_3","GLIB_2_11_4","GLIB_2_12_0","GLIB_2_12_1","GLIB_2_12_2","GLIB_2_13_0","GLIB_2_13_1","GLIB_2_13_2","GLIB_2_13_3","GLIB_2_13_5","GLIB_2_13_6","GLIB_2_13_7","GLIB_2_14_0","GLIB_2_14_1","GLIB_2_14_2","GLIB_2_14_3","GLIB_2_15_1","GLIB_2_15_2","GLIB_2_15_3","GLIB_2_15_4","GLIB_2_15_5","GLIB_2_15_6","GLIB_2_16_1","GLIB_2_17_0","GLIB_2_17_1","GLIB_2_17_2","GLIB_2_17_3","GLIB_2_17_4","GLIB_2_17_5","GLIB_2_17_6","GLIB_2_17_7","GLIB_2_18_0","GLIB_2_18_1","GLIB_2_19_0","GLIB_2_19_1","GLIB_2_19_10","GLIB_2_19_2","GLIB_2_19_3","GLIB_2_19_4","GLIB_2_19_5","GLIB_2_19_6","GLIB_2_19_7","GLIB_2_19_8","GLIB_2_19_9","GLIB_2_1_3","GLIB_2_1_4","GLIB_2_1_5","GLIB_2_20_0","GLIB_2_2_0","GLIB_2_3_0","GLIB_2_3_1","GLIB_2_3_2","GLIB_2_3_3","GLIB_2_3_5","GLIB_2_3_6","GLIB_2_4_0","GLIB_2_4_1","GLIB_2_5_0","GLIB_2_5_1","GLIB_2_5_2","GLIB_2_5_3","GLIB_2_5_5","GLIB_2_5_6","GLIB_2_6_0","GLIB_2_6_1","GLIB_2_7_0","GLIB_2_7_1","GLIB_2_7_2","GLIB_2_7_3","GLIB_2_7_4","GLIB_2_7_5","GLIB_2_7_6","GLIB_2_7_7","GLIB_2_8_0","GLIB_2_8_1","GLIB_2_9_0","GLIB_2_9_1","GLIB_2_9_2","GLIB_2_9_3","GLIB_2_9_4","GLIB_2_9_5","GLIB_2_9_6","GLIB_GNOME_0_99_1","GLIB_VERSION_1_1_3","GNOME_PRINT_0_24","GOBJECT_GType_guint","GTK_2_5_4","GTK_2_7_4","GTK_ALL_1_3_6","PRE_CLEANUP","R_2_0_core","glib-2-0-branchpoint","glib-2-10-branchpoint","glib-2-12-branchpoint","glib-2-2-branchpoint","glib-2-4-branchpoint","glib-2-6-branchpoint","glib-2.25.7","gobject_0_10_0","gobject_0_9_0","start"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12450.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/glib","events":[{"introduced":"0"},{"fixed":"d8f8f4d637ce43f8699ba94c9b7648beda0ca174"}],"database_specific":{"source":"REFERENCES"}}],"versions":["2.20.0","2.20.1","2.21.1","2.21.2","2.21.3","2.21.4","2.21.5","2.21.6","2.22.0","2.22.2","2.23.0","2.23.1","2.23.2","2.23.3","2.23.4","2.23.5","2.23.6","2.24.0","2.25.0","2.25.10","2.25.11","2.25.12","2.25.13","2.25.14","2.25.15","2.25.2","2.25.3","2.25.4","2.25.5","2.25.6","2.25.8","2.25.9","2.27.0","2.27.1","2.27.2","2.27.3","2.27.5","2.27.90","2.27.91","2.27.92","2.27.93","2.28.0","2.29.10","2.29.12","2.29.14","2.29.16","2.29.18","2.29.4","2.29.6","2.29.8","2.29.90","2.31.0","2.31.10","2.31.12","2.31.14","2.31.16","2.31.18","2.31.2","2.31.20","2.31.22","2.31.4","2.31.6","2.31.8","2.32.0","2.32.1","2.33.1","2.33.10","2.33.12","2.33.14","2.33.2","2.33.3","2.33.4","2.33.6","2.33.8","2.34.0","2.35.1","2.35.2","2.35.3","2.35.4","2.35.6","2.35.7","2.35.8","2.35.9","2.36.0","2.37.0","2.37.1","2.37.2","2.37.3","2.37.4","2.37.5","2.37.6","2.37.7","2.37.92","2.37.93","2.38.0","2.39.0","2.39.1","2.39.2","2.39.3","2.39.4","2.39.90","2.39.91","2.39.92","2.41.1","2.41.2","2.41.3","2.41.4","2.41.5","2.42.0","2.43.0","2.43.1","2.43.2","2.43.3","2.43.4","2.43.90","2.43.91","2.43.92","2.45.1","2.45.2","2.45.3","2.45.4","2.45.5","2.45.6","2.45.7","2.45.8","2.46.0","2.47.1","2.47.2","2.47.3","2.47.4","2.47.5","2.47.6","2.47.92","2.48.0","2.49.1","2.49.2","2.49.3","2.49.4","2.49.5","2.49.6","2.49.7","2.50.0","2.50.1","2.51.0","2.51.1","2.51.2","2.51.3","2.51.4","2.51.5","2.52.0","2.53.1","2.53.2","2.53.3","2.53.4","2.53.5","2.53.6","2.53.7","2.54.0","2.55.0","2.55.1","2.56.0","2.57.1","2.57.2","2.57.3","2.58.0","2.59.0","2.59.1","2.59.2","2.59.3","2.60.0","2.61.0","FOR_GNOME_0_99_1","GLIB_1_1_0","GLIB_1_1_1","GLIB_1_1_10","GLIB_1_1_11","GLIB_1_1_12","GLIB_1_1_13","GLIB_1_1_14","GLIB_1_1_15","GLIB_1_1_16","GLIB_1_1_2","GLIB_1_1_3","GLIB_1_1_3a","GLIB_1_1_4","GLIB_1_1_5","GLIB_1_1_6","GLIB_1_1_7","GLIB_1_1_8","GLIB_1_1_8a","GLIB_1_1_9","GLIB_1_2_0","GLIB_1_2_9PRE1","GLIB_1_3_0","GLIB_1_3_1","GLIB_1_3_10","GLIB_1_3_11","GLIB_1_3_12","GLIB_1_3_13","GLIB_1_3_14","GLIB_1_3_15","GLIB_1_3_2","GLIB_1_3_3","GLIB_1_3_4","GLIB_1_3_5","GLIB_1_3_6","GLIB_1_3_7","GLIB_1_3_8","GLIB_1_3_9","GLIB_2_0_0","GLIB_2_0_0_RC1","GLIB_2_0_1","GLIB_2_10_0","GLIB_2_10_1","GLIB_2_11_0","GLIB_2_11_1","GLIB_2_11_2","GLIB_2_11_3","GLIB_2_11_4","GLIB_2_12_0","GLIB_2_12_1","GLIB_2_12_2","GLIB_2_13_0","GLIB_2_13_1","GLIB_2_13_2","GLIB_2_13_3","GLIB_2_13_5","GLIB_2_13_6","GLIB_2_13_7","GLIB_2_14_0","GLIB_2_14_1","GLIB_2_14_2","GLIB_2_14_3","GLIB_2_15_1","GLIB_2_15_2","GLIB_2_15_3","GLIB_2_15_4","GLIB_2_15_5","GLIB_2_15_6","GLIB_2_16_1","GLIB_2_17_0","GLIB_2_17_1","GLIB_2_17_2","GLIB_2_17_3","GLIB_2_17_4","GLIB_2_17_5","GLIB_2_17_6","GLIB_2_17_7","GLIB_2_18_0","GLIB_2_18_1","GLIB_2_19_0","GLIB_2_19_1","GLIB_2_19_10","GLIB_2_19_2","GLIB_2_19_3","GLIB_2_19_4","GLIB_2_19_5","GLIB_2_19_6","GLIB_2_19_7","GLIB_2_19_8","GLIB_2_19_9","GLIB_2_1_3","GLIB_2_1_4","GLIB_2_1_5","GLIB_2_20_0","GLIB_2_2_0","GLIB_2_3_0","GLIB_2_3_1","GLIB_2_3_2","GLIB_2_3_3","GLIB_2_3_5","GLIB_2_3_6","GLIB_2_4_0","GLIB_2_4_1","GLIB_2_5_0","GLIB_2_5_1","GLIB_2_5_2","GLIB_2_5_3","GLIB_2_5_5","GLIB_2_5_6","GLIB_2_6_0","GLIB_2_6_1","GLIB_2_7_0","GLIB_2_7_1","GLIB_2_7_2","GLIB_2_7_3","GLIB_2_7_4","GLIB_2_7_5","GLIB_2_7_6","GLIB_2_7_7","GLIB_2_8_0","GLIB_2_8_1","GLIB_2_9_0","GLIB_2_9_1","GLIB_2_9_2","GLIB_2_9_3","GLIB_2_9_4","GLIB_2_9_5","GLIB_2_9_6","GLIB_GNOME_0_99_1","GLIB_VERSION_1_1_3","GNOME_PRINT_0_24","GOBJECT_GType_guint","GTK_2_5_4","GTK_2_7_4","GTK_ALL_1_3_6","PRE_CLEANUP","R_2_0_core","glib-2-0-branchpoint","glib-2-10-branchpoint","glib-2-12-branchpoint","glib-2-2-branchpoint","glib-2-4-branchpoint","glib-2-6-branchpoint","glib-2.25.7","gobject_0_10_0","gobject_0_9_0","start"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:44:27Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12450.json","vanir_signatures":[{"deprecated":false,"signature_version":"v1","source":"https://gitlab.gnome.org/GNOME/glib@d8f8f4d637ce43f8699ba94c9b7648beda0ca174","signature_type":"Function","digest":{"function_hash":"282269249828500956183171168307225619672","length":3178},"target":{"function":"file_copy_fallback","file":"gio/gfile.c"},"id":"CVE-2019-12450-db97f6d7"},{"deprecated":false,"signature_version":"v1","source":"https://gitlab.gnome.org/GNOME/glib@d8f8f4d637ce43f8699ba94c9b7648beda0ca174","signature_type":"Line","digest":{"line_hashes":["18154310599445891265789953056144380016","26978194925207615613276966846262783826","44188125156137456810175175327233050948","24711377008157761840850927645386078297","173401350418948135801591620212348836191","307860364364235025697477378033658516698","216972604397684258858930605005890395664","214842164195004441718247934813391054311","337039869312679718413725671078647245374","166065903565865313772349404008125828786","204563863403881552745818967598894215406","80275230557142796238605690606151556482","21033303117232726880489512803215487074","284575079164599280853285046410360939930","253132457953325221229363650136327213004","27825990500074545806470776960340604816","133592055149642106245409610484309541450","292009651485235278464215421453070145502"],"threshold":0.9},"target":{"file":"gio/gfile.c"},"id":"CVE-2019-12450-f09ef021"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}