{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2724", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-24T12:46:34.800Z", "datePublished": "2025-03-25T01:31:04.182Z", "dateUpdated": "2025-03-25T13:24:41.680Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-25T01:31:04.182Z"}, "title": "GNOME libgsf sorting_key_copy out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "GNOME", "product": "libgsf", "versions": [{"version": "1.14.0", "status": "affected"}, {"version": "1.14.1", "status": "affected"}, {"version": "1.14.2", "status": "affected"}, {"version": "1.14.3", "status": "affected"}, {"version": "1.14.4", "status": "affected"}, {"version": "1.14.5", "status": "affected"}, {"version": "1.14.6", "status": "affected"}, {"version": "1.14.7", "status": "affected"}, {"version": "1.14.8", "status": "affected"}, {"version": "1.14.9", "status": "affected"}, {"version": "1.14.10", "status": "affected"}, {"version": "1.14.11", "status": "affected"}, {"version": "1.14.12", "status": "affected"}, {"version": "1.14.13", "status": "affected"}, {"version": "1.14.14", "status": "affected"}, {"version": "1.14.15", "status": "affected"}, {"version": "1.14.16", "status": "affected"}, {"version": "1.14.17", "status": "affected"}, {"version": "1.14.18", "status": "affected"}, {"version": "1.14.19", "status": "affected"}, {"version": "1.14.20", "status": "affected"}, {"version": "1.14.21", "status": "affected"}, {"version": "1.14.22", "status": "affected"}, {"version": "1.14.23", "status": "affected"}, {"version": "1.14.24", "status": "affected"}, {"version": "1.14.25", "status": "affected"}, {"version": "1.14.26", "status": "affected"}, {"version": "1.14.27", "status": "affected"}, {"version": "1.14.28", "status": "affected"}, {"version": "1.14.29", "status": "affected"}, {"version": "1.14.30", "status": "affected"}, {"version": "1.14.31", "status": "affected"}, {"version": "1.14.32", "status": "affected"}, {"version": "1.14.33", "status": "affected"}, {"version": "1.14.34", "status": "affected"}, {"version": "1.14.35", "status": "affected"}, {"version": "1.14.36", "status": "affected"}, {"version": "1.14.37", "status": "affected"}, {"version": "1.14.38", "status": "affected"}, {"version": "1.14.39", "status": "affected"}, {"version": "1.14.40", "status": "affected"}, {"version": "1.14.41", "status": "affected"}, {"version": "1.14.42", "status": "affected"}, {"version": "1.14.43", "status": "affected"}, {"version": "1.14.44", "status": "affected"}, {"version": "1.14.45", "status": "affected"}, {"version": "1.14.46", "status": "affected"}, {"version": "1.14.47", "status": "affected"}, {"version": "1.14.48", "status": "affected"}, {"version": "1.14.49", "status": "affected"}, {"version": "1.14.50", "status": "affected"}, {"version": "1.14.51", "status": "affected"}, {"version": "1.14.52", "status": "affected"}, {"version": "1.14.53", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in GNOME libgsf bis 1.14.53 entdeckt. Betroffen hiervon ist die Funktion sorting_key_copy. Durch Manipulation des Arguments Name mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-03-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-24T13:51:46.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ninpwn (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.300744", "name": "VDB-300744 | GNOME libgsf sorting_key_copy out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.300744", "name": "VDB-300744 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.520184", "name": "Submit #520184 | Open Source libgsf <=1.14.53 Out-of-Bounds Read (sorting_key_copy)", "tags": ["third-party-advisory"]}, {"url": "https://www.gnome.org/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-25T13:24:33.273115Z", "id": "CVE-2025-2724", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:24:41.680Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2724", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-25T13:24:33.273115Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:24:38.301Z"}}], "cna": {"title": "GNOME libgsf sorting_key_copy out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "ninpwn (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "GNOME", "product": "libgsf", "versions": [{"status": "affected", "version": "1.14.0"}, {"status": "affected", "version": "1.14.1"}, {"status": "affected", "version": "1.14.2"}, {"status": "affected", "version": "1.14.3"}, {"status": "affected", "version": "1.14.4"}, {"status": "affected", "version": "1.14.5"}, {"status": "affected", "version": "1.14.6"}, {"status": "affected", "version": "1.14.7"}, {"status": "affected", "version": "1.14.8"}, {"status": "affected", "version": "1.14.9"}, {"status": "affected", "version": "1.14.10"}, {"status": "affected", "version": "1.14.11"}, {"status": "affected", "version": "1.14.12"}, {"status": "affected", "version": "1.14.13"}, {"status": "affected", "version": "1.14.14"}, {"status": "affected", "version": "1.14.15"}, {"status": "affected", "version": "1.14.16"}, {"status": "affected", "version": "1.14.17"}, {"status": "affected", "version": "1.14.18"}, {"status": "affected", "version": "1.14.19"}, {"status": "affected", "version": "1.14.20"}, {"status": "affected", "version": "1.14.21"}, {"status": "affected", "version": "1.14.22"}, {"status": "affected", "version": "1.14.23"}, {"status": "affected", "version": "1.14.24"}, {"status": "affected", "version": "1.14.25"}, {"status": "affected", "version": "1.14.26"}, {"status": "affected", "version": "1.14.27"}, {"status": "affected", "version": "1.14.28"}, {"status": "affected", "version": "1.14.29"}, {"status": "affected", "version": "1.14.30"}, {"status": "affected", "version": "1.14.31"}, {"status": "affected", "version": "1.14.32"}, {"status": "affected", "version": "1.14.33"}, {"status": "affected", "version": "1.14.34"}, {"status": "affected", "version": "1.14.35"}, {"status": "affected", "version": "1.14.36"}, {"status": "affected", "version": "1.14.37"}, {"status": "affected", "version": "1.14.38"}, {"status": "affected", "version": "1.14.39"}, {"status": "affected", "version": "1.14.40"}, {"status": "affected", "version": "1.14.41"}, {"status": "affected", "version": "1.14.42"}, {"status": "affected", "version": "1.14.43"}, {"status": "affected", "version": "1.14.44"}, {"status": "affected", "version": "1.14.45"}, {"status": "affected", "version": "1.14.46"}, {"status": "affected", "version": "1.14.47"}, {"status": "affected", "version": "1.14.48"}, {"status": "affected", "version": "1.14.49"}, {"status": "affected", "version": "1.14.50"}, {"status": "affected", "version": "1.14.51"}, {"status": "affected", "version": "1.14.52"}, {"status": "affected", "version": "1.14.53"}]}], "timeline": [{"lang": "en", "time": "2025-03-24T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-24T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-24T13:51:46.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.300744", "name": "VDB-300744 | GNOME libgsf sorting_key_copy out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.300744", "name": "VDB-300744 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.520184", "name": "Submit #520184 | Open Source libgsf <=1.14.53 Out-of-Bounds Read (sorting_key_copy)", "tags": ["third-party-advisory"]}, {"url": "https://www.gnome.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in GNOME libgsf bis 1.14.53 entdeckt. Betroffen hiervon ist die Funktion sorting_key_copy. Durch Manipulation des Arguments Name mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-25T01:31:04.182Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2724", "state": "PUBLISHED", "dateUpdated": "2025-03-25T13:24:41.680Z", "dateReserved": "2025-03-24T12:46:34.800Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-25T01:31:04.182Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-2724", "lastModified": "2025-03-25T02:15:14.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-25T02:15:14.143", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.300744"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.300744"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.520184"}, {"source": "cna@vuldb.com", "url": "https://www.gnome.org/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "libgsf: GNOME libgsf sorting_key_copy out-of-bounds", "id": "2354667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354667"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "(CWE-119|CWE-125)", "details": ["A flaw was found in the libgsf package, affecting the sorting_key_copy function. It is possible to launch the attack on the local host, and manipulation of the Name argument can lead to out-of-bounds read."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-2724", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "libgsf", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libgsf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libgsf", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libgsf", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-25T01:31:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-2724\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-2724\nhttps://vuldb.com/?ctiid.300744\nhttps://vuldb.com/?id.300744\nhttps://vuldb.com/?submit.520184\nhttps://www.gnome.org/"], "threat_severity": "Low"}