An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Reproducible: Always

Steps to Reproduce:
Install latest available libgsf package for Fedora 41.

Actual Results:
Package libgsf-1.14.52-2.fc41 installed.

Expected Results:
Install patched version of libgsf on Fedora 41.

Current latest available libgsf package for Fedora 41 appears to be libgsf-1.14.52-2.fc41 [1].

[1] https://koji.fedoraproject.org/koji/packageinfo?packageID=684

FEDORA-2024-2ac7273bab (libgsf-1.14.53-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-2ac7273bab
FEDORA-2024-ff08c2b41a (libgsf-1.14.53-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-ff08c2b41a
FEDORA-2024-7d06f67cf5 (libgsf-1.14.53-1.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d06f67cf5
FEDORA-2024-2ac7273bab has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-2ac7273bab` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-2ac7273bab See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-7d06f67cf5 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-7d06f67cf5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d06f67cf5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-ff08c2b41a has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-ff08c2b41a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-ff08c2b41a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-7d06f67cf5 (libgsf-1.14.53-1.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-2ac7273bab (libgsf-1.14.53-1.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-ff08c2b41a (libgsf-1.14.53-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.