Unrated severityOSV Advisory· Published Apr 22, 2019· Updated Aug 4, 2024

CVE-2019-11460

Description

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

Affected products

GNOME Foundation/Gnome DesktopOSV
Range: 2.29.4, 2.91.5, 2.91.6, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.htmlmitrevendor-advisoryx_refsource_SUSE
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5V6EIUHYR7SNKCRIGYCD3UWNEGFNT2F/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/201908-28mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/3994-1/mitrevendor-advisoryx_refsource_UBUNTU
gitlab.gnome.org/GNOME/gnome-desktop/issues/112mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000