183 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libgsf (UTSA-2025-658553)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-658553 advisory. An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library libgsf. A...
EUVD-2025-8041
Malicious code in bioql PyPI...
EUVD-2025-8040
Malicious code in bioql PyPI...
EUVD-2024-39610
Malicious code in bioql PyPI...
EUVD-2025-8044
Malicious code in bioql PyPI...
EUVD-2025-8038
Malicious code in bioql PyPI...
EUVD-2025-8037
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-36474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version...
Linux Distros Unpatched Vulnerability : CVE-2024-42415
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library libgsf. A...
Fedora: Security Advisory (FEDORA-2024-ff08c2b41a)
The remote host is missing an update for the...
CVE-2025-2722
A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Local access is required to approach this attack. The...
CVE-2025-2721
A vulnerability was found in GNOME libgsf up to 1.14.53. It has been classified as critical. This affects the function gsf_base64_encode_simple. The manipulation of the argument size_t leads to heap-based buffer overflow. An attack has to be approached locally. The vendor was contacted early about th...
CVE-2025-2724
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via...
UBUNTU-CVE-2025-2724
A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this...
CVE-2025-2724
CVE-2025-2724 relates to GNOME LibGSF’s sorting_key_copy function. Affected is the sorting_key_copy operation where manipulating the Name argument can cause an out-of-bounds read, potentially enabling local impact. Red Hat notes limited or no mitigations meeting security criteria. Ubuntu/Ubuntu-d...
CVE-2025-2724
Removed by vendor...
CVE-2025-2723
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the call is invalid as the buffer pointed to by "data" must have...
CVE-2025-2722
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the call is invalid because pnparam is an input-output parameter...