CVE-2009-0318Gnumeric vulnerability

6 documents6 sources
Severity
6.9MEDIUMNVD
EPSS
0.1%
top 79.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Gnome GnumericDebian Gnumeric
Timeline
PublishedJan 28
Latest updateMay 2

Description

Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

debiandebian/gnumeric< gnumeric 1.8.4-3 (bookworm)
Debiangnome/gnumeric< 1.8.4-3+3

🔴Vulnerability Details

2
GHSA
GHSA-9cr7-r39p-2mx5: Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan ho2022-05-02
OSV
CVE-2009-0318: Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan ho2009-01-28

📋Vendor Advisories

2
Debian
CVE-2009-0318: gnumeric - Untrusted search path vulnerability in the GObject Python interpreter wrapper in...2009
Red Hat
Gnumeric: untrusted python modules search path2008-08-06

💬Community

1
Bugzilla
CVE-2009-0318 Gnumeric: untrusted python modules search path2009-01-26