Unrated severity · NVD Advisory · Published Oct 3, 2024 · Updated Nov 3, 2025
CVE-2024-42415
Description
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Affected products (22)
= 1.14.52 + 1 more
- (no CPE) range: = 1.14.52
- (no CPE) range: 1.14.52
- osv-coords (20 versions):
  - pkg:deb/ubuntu/libgsf@1.14.52-1ubuntu0.1?arch=source&distro=oracular
  - pkg:rpm/opensuse/libgsf&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/libgsf&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/suse/libgsf&distro=SUSE%20Enterprise%20Storage%207.1
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
  - pkg:rpm/suse/libgsf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
< 1.14.52-1ubuntu0.1 + 19 more
- (no CPE) range: < 1.14.52-1ubuntu0.1
- (no CPE) range: < 1.14.50-150400.3.6.1
- (no CPE) range: < 1.14.51-150600.4.3.1
- (no CPE) range: < 1.14.46-150200.3.3.1
- (no CPE) range: < 1.14.46-150200.3.3.1
- (no CPE) range: < 1.14.46-150200.3.3.1
- (no CPE) range: < 1.14.50-150400.3.6.1
- (no CPE) range: < 1.14.50-150400.3.6.1
- (no CPE) range: < 1.14.50-150400.3.6.1
- (no CPE) range: < 1.14.51-150600.4.3.1
- (no CPE) range: < 1.14.40-8.3.1
- (no CPE) range: < 1.14.46-150200.3.3.1
- (no CPE) range: < 1.14.46-150200.3.3.1
- (no CPE) range: < 1.14.50-150400.3.6.1
- (no CPE) range: < 1.14.46-150200.3.3.1
- (no CPE) range: < 1.14.46-150200.3.3.1
- (no CPE) range: < 1.14.50-150400.3.6.1
- (no CPE) range: < 1.14.40-8.3.1
- (no CPE) range: < 1.14.50-150400.3.6.1
- (no CPE) range: < 1.14.51-150600.4.3.1