ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0337
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0337)
Resumen:	The remote host is missing an update for the 'libgsf' package(s) announced via the MGASA-2024-0337 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libgsf' package(s) announced via the MGASA-2024-0337 advisory. Vulnerability Insight: An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-36474) An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-42415) Affected Software/OS: 'libgsf' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-36474 Common Vulnerability Exposure (CVE) ID: CVE-2024-42415
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.