An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Reproducible: Always

Steps to Reproduce: Install latest available libgsf package for Fedora 41.

Actual Results: Package libgsf-1.14.52-2.fc41 installed.

Expected Results: Install patched version of libgsf on Fedora 41.

Current latest available libgsf package for Fedora 41 appears to be libgsf-1.14.52-2.fc41 [1].

[1] https://koji.fedoraproject.org/koji/packageinfo?packageID=684
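Added example (not libgsf's code and not part of this report): one way an integer overflow can let an out-of-range directory index through validation, next to a check that rejects it. The 128-byte entry size comes from the Compound File format; the function names, the `seen` table and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DIRENT_SIZE 128u /* a Compound File directory entry is 128 bytes */

/* Flawed pattern: only the 32-bit byte offset is validated. For a large
 * index the multiplication wraps modulo 2^32, so the offset looks fine
 * while the index itself is far outside any per-entry array. */
bool entry_ok_unchecked(uint32_t entry, uint32_t dir_bytes)
{
    uint32_t off = entry * DIRENT_SIZE; /* may wrap */
    return off <= dir_bytes && dir_bytes - off >= DIRENT_SIZE;
}

/* Hardened pattern: bound the index against the entry count first, and do
 * the offset arithmetic in a wider type so no intermediate value wraps. */
bool entry_ok_checked(uint32_t entry, uint32_t dir_bytes)
{
    uint64_t off = (uint64_t)entry * DIRENT_SIZE;
    return entry < dir_bytes / DIRENT_SIZE && off + DIRENT_SIZE <= dir_bytes;
}

/* Record a visit in a per-entry table (hypothetical helper), refusing any
 * index the checked validator rejects. Returns 0 on success, -1 otherwise. */
int mark_visited(uint8_t *seen, uint32_t dir_bytes, uint32_t entry)
{
    if (!entry_ok_checked(entry, dir_bytes))
        return -1;
    if (seen[entry])
        return -1; /* already visited: the directory tree loops */
    seen[entry] = 1;
    return 0;
}

int main(void)
{
    uint32_t dir_bytes = 512;        /* constructed: room for 4 entries */
    uint32_t wrapping = 0x02000000u; /* constructed: times 128 equals 2^32 */
    uint8_t seen[4] = {0};
    int first = mark_visited(seen, dir_bytes, 3);
    int second = mark_visited(seen, dir_bytes, 3);

    printf("unchecked accepts: %d\n", entry_ok_unchecked(wrapping, dir_bytes));
    printf("checked accepts:   %d\n", entry_ok_checked(wrapping, dir_bytes));
    printf("entry 3: first %d, repeat %d\n", first, second);
    return 0;
}
```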
FEDORA-2024-2ac7273bab (libgsf-1.14.53-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-2ac7273bab
FEDORA-2024-ff08c2b41a (libgsf-1.14.53-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-ff08c2b41a
FEDORA-2024-7d06f67cf5 (libgsf-1.14.53-1.fc39) has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d06f67cf5
FEDORA-2024-2ac7273bab has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-2ac7273bab` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-2ac7273bab See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-7d06f67cf5 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-7d06f67cf5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d06f67cf5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-ff08c2b41a has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-ff08c2b41a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-ff08c2b41a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-7d06f67cf5 (libgsf-1.14.53-1.fc39) has been pushed to the Fedora 39 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-2024-2ac7273bab (libgsf-1.14.53-1.fc40) has been pushed to the Fedora 40 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-2024-ff08c2b41a (libgsf-1.14.53-1.fc41) has been pushed to the Fedora 41 stable repository. If the problem still persists, please make note of it in this bug report.