CVE-2024-6655

Published: Jul 16, 2024Modified: Jun 17, 2026Deferred

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: secalert@redhat.com (Secondary)

Description

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

https://access.redhat.com/errata/RHSA-2024:6963

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:9184

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-6655

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2297098

Source: secalert@redhat.com

https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0

Source: secalert@redhat.com

https://www.openwall.com/lists/oss-security/2024/09/09/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2024/09/09/1

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2024-6655

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=2297098

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.