cvedb.io
CVE-2024-42415
HIGH · CVSS 8.4
EPSS exploitation probability: 0%
Published 2024-10-03T16:15:05.867 · Last modified 2026-06-17T07:49:24.883

Summary

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected products

gnome — libgsf

Does this affect you?

Add your gear to cvedb and we'll alert you only when gnome ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.