CVE-2025-2722
Description
A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Local access is required to approach this attack. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.017
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygems-devel-3.4.19-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygems-3.4.19-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-typeprof-0.21.3-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-test-unit-3.5.7-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-rss-0.3.1-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-rexml-3.3.9-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-rdoc-6.5.1.1-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-rbs-2.8.2-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-rake-13.0.6-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-psych-5.0.1-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-power_assert-2.0.3-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-minitest-5.25.1-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-json-2.6.3-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-irb-1.6.2-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-io-console-0.6.0-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-bundler-2.4.19-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-rubygem-bigdecimal-3.1.3-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-libs-3.2.7-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-doc-3.2.7-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-devel-3.2.7-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-default-gems-3.2.7-183.amzn2023.0.4.noarch.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-bundled-gems-3.2.7-183.amzn2023.0.4.x86_64.rpm | Linux |
| ruby3.2 Security Update (ALAS-2025-929) ruby3.2-3.2.7-183.amzn2023.0.4.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234