CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
16.0%
It was discovered that GTK would attempt to load modules from the current
directory, contrary to expectations. If users started GTK applications from
shared directories, a local attacker could use this issue to execute
arbitrary code, and possibly escalate privileges.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 24.04 | noarch | libgail-3-0t64 | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | gir1.2-gtk-3.0 | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | gtk-3-examples | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | gtk-3-examples-dbgsym | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | gtk-update-icon-cache | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | gtk-update-icon-cache-dbgsym | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | libgail-3-0t64-dbgsym | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | libgail-3-dev | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | libgail-3-doc | < 3.24.41-4ubuntu1.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | libgtk-3-0t64 | < 3.24.41-4ubuntu1.1 | UNKNOWN |