{"id":"MGASA-2024-0337","summary":"Updated libgsf packages fix security vulnerabilities","details":"An integer overflow vulnerability exists in the Compound Document Binary\nFile format parser of the GNOME Project G Structured File Library\n(libgsf) version v1.14.52. A specially crafted file can result in an\ninteger overflow when processing the directory from the file that allows\nfor an out-of-bounds index to be used when reading and writing to an\narray. This can lead to arbitrary code execution. An attacker can\nprovide a malicious file to trigger this vulnerability. (CVE-2024-36474)\nAn integer overflow vulnerability exists in the Compound Document Binary\nFile format parser of v1.14.52 of the GNOME Project G Structured File\nLibrary (libgsf). A specially crafted file can result in an integer\noverflow that allows for a heap-based buffer overflow when processing\nthe sector allocation table. This can lead to arbitrary code execution.\nAn attacker can provide a malicious file to trigger this vulnerability.\n(CVE-2024-42415)\n","modified":"2026-04-16T00:11:09.774334519Z","published":"2024-10-27T02:37:06Z","upstream":["CVE-2024-36474","CVE-2024-42415"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0337.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33620"},{"type":"WEB","url":"https://lwn.net/Articles/993121/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7062-1"}],"affected":[{"package":{"name":"libgsf","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libgsf?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.14.50-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0337.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}