Unrated severity · NVD Advisory · Published Oct 3, 2024 · Updated Nov 3, 2025
CVE-2024-36474
Description
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Affected products (22)
- Range: = 1.14.52
- osv-coords (20 versions):
  - pkg:deb/ubuntu/libgsf@1.14.52-1ubuntu0.1?arch=source&distro=oracular (no CPE), range: < 1.14.52-1ubuntu0.1
  - pkg:rpm/opensuse/libgsf&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 1.14.50-150400.3.6.1
  - pkg:rpm/opensuse/libgsf&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 1.14.51-150600.4.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Enterprise%20Storage%207.1 (no CPE), range: < 1.14.46-150200.3.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 1.14.46-150200.3.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 1.14.46-150200.3.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 1.14.50-150400.3.6.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 1.14.50-150400.3.6.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 (no CPE), range: < 1.14.50-150400.3.6.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 (no CPE), range: < 1.14.51-150600.4.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS (no CPE), range: < 1.14.40-8.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 1.14.46-150200.3.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (no CPE), range: < 1.14.46-150200.3.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE), range: < 1.14.50-150400.3.6.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 1.14.46-150200.3.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (no CPE), range: < 1.14.46-150200.3.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE), range: < 1.14.50-150400.3.6.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5 (no CPE), range: < 1.14.40-8.3.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 (no CPE), range: < 1.14.50-150400.3.6.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 (no CPE), range: < 1.14.51-150600.4.3.1
- Range: 1.14.52