Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-8041 | A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Local access is required to approach this attack. The vendor was contacted early about this disclosure but did not respond in any way. |
No reference.
Tue, 22 Apr 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-119 CWE-122 |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Tue, 22 Apr 2025 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | GNOME libgsf gsf_prop_settings_collect_va heap-based overflow | |
| Metrics |
ssvc
|
Tue, 22 Apr 2025 12:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Local access is required to approach this attack. The vendor was contacted early about this disclosure but did not respond in any way. | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "[the] call is invalid [because] p_n_param is an input-output parameter indicating how big an array has already been allocated. |
| Metrics |
cvssV3_0
|
cvssV4_0
|
Tue, 25 Mar 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 25 Mar 2025 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Local access is required to approach this attack. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | GNOME libgsf gsf_prop_settings_collect_va heap-based overflow | |
| Weaknesses | CWE-119 CWE-122 |
|
| References |
| |
| Metrics |
cvssV2_0
|
Subscriptions
No data.
Status: REJECTED
Assigner: VulDB
Published:
Updated: 2025-04-22T12:25:34.147Z
Reserved: 2025-03-24T12:46:23.964Z
Link: CVE-2025-2722
Updated:
Status : Rejected
Published: 2025-03-25T01:15:11.617
Modified: 2025-04-22T13:15:43.080
Link: CVE-2025-2722
No data.
OpenCVE Enrichment
No data.
No weakness.
EUVD