{"id":"USN-3994-1","summary":"gnome-desktop3 vulnerability","details":"It was discovered that gnome-desktop incorrectly confined thumbnailers. If\na user were tricked into downloading a malicious image file, a remote\nattacker could possibly combine this issue with another vulnerability to\nescape the sandbox and execute arbitrary code.\n","modified":"2026-02-10T04:41:33Z","published":"2019-05-27T12:09:31Z","related":["UBUNTU-CVE-2019-11460"],"upstream":["CVE-2019-11460","UBUNTU-CVE-2019-11460"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3994-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11460"}],"affected":[{"package":{"name":"gnome-desktop3","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/gnome-desktop3@3.28.2-0ubuntu1.3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.2-0ubuntu1.3"}]}],"versions":["3.26.1-0ubuntu1","3.26.2-1ubuntu1","3.27.90-1ubuntu1","3.27.92-0ubuntu1","3.28.0-0ubuntu1","3.28.1-1ubuntu1","3.28.2-0ubuntu1","3.28.2-0ubuntu1.1","3.28.2-0ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.28.2-0ubuntu1.3","binary_name":"gir1.2-gnomedesktop-3.0"},{"binary_version":"3.28.2-0ubuntu1.3","binary_name":"gnome-desktop3-data"},{"binary_version":"3.28.2-0ubuntu1.3","binary_name":"libgnome-desktop-3-17"},{"binary_version":"3.28.2-0ubuntu1.3","binary_name":"libgnome-desktop-3-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3994-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2019-11460"}],"ecosystem":"Ubuntu:18.04:LTS"}}}],"schema_version":"1.7.3"}