A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.

https://vuldb.com/?id.216789
https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53be7e6a708074e252de14
https://vuldb.com/?ctiid.216789
Created epiphany tracking bugs for this issue:
Affects: fedora-36 [bug 2156441]

Created glib2 tracking bugs for this issue:
Affects: fedora-36 [bug 2156442]
Affects: fedora-37 [bug 2156443]
Note this vulnerability was only present in gvdb for six days, and no version of glib or dconf is affected, so users don't need to worry about this. I believe Epiphany is the only software that was actually impacted (and it was fixed there before it made its way into any release).
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-25085