vulnerability
SUSE: CVE-2024-42415: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Oct 29, 2024 | Dec 5, 2025 | Dec 5, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Oct 29, 2024
Added
Dec 5, 2025
Modified
Dec 5, 2025
Description
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Solutions
suse-upgrade-gsf-office-thumbnailersuse-upgrade-libgsf-1-114suse-upgrade-libgsf-1-114-32bitsuse-upgrade-libgsf-develsuse-upgrade-libgsf-langsuse-upgrade-libgsf-toolssuse-upgrade-typelib-1_0-gsf-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.