CVE-2024-6655

Name: CVE-2024-6655
Description: A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

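| Source Package | Release | Version | Status |
|---|---|---|---|
| gtk+2.0 | bullseye | 2.24.33-2+deb11u1 | fixed |
| gtk+2.0 | bookworm | 2.24.33-2+deb12u1 | fixed |
| gtk+2.0 | sid, trixie | 2.24.33-6 | fixed |
| gtk+3.0 | bullseye | 3.24.24-4+deb11u4 | fixed |
| gtk+3.0 | bookworm | 3.24.38-2~deb12u3 | fixed |
| gtk+3.0 | sid, trixie | 3.24.43-4 | fixed |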

The information below is based on the following data on fixed versions.

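| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gtk+2.0 | source | bullseye | 2.24.33-2+deb11u1 | | | |
| gtk+2.0 | source | bookworm | 2.24.33-2+deb12u1 | | | |
| gtk+2.0 | source | (unstable) | 2.24.33-5 | | | |
| gtk+3.0 | source | bullseye | 3.24.24-4+deb11u4 | | | |
| gtk+3.0 | source | bookworm | 3.24.38-2~deb12u2 | | | |
| gtk+3.0 | source | (unstable) | 3.24.43-1 | | | |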

Notes

https://gitlab.gnome.org/GNOME/gtk/-/issues/6786
https://www.openwall.com/lists/oss-security/2024/09/09/1
