CVE-2025-2724

Name: CVE-2025-2724
Description: A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libgsf (PTS) | bullseye | 1.14.47-1 | undetermined |
| | bullseye (security) | 1.14.47-1+deb11u1 | undetermined |
| | bookworm, bookworm (security) | 1.14.50-1+deb12u1 | undetermined |
| | sid, trixie | 1.14.53-1 | undetermined |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libgsf | source | (unstable) | undetermined | | | |

Notes

https://vuldb.com/?submit.520184
