CVE-2024-6655 — Code Injection in Gtk+2.0

CWE-94 — Code Injection7 documents7 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 84.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gtk+2.0 Debian Gtk+3.0 Msrc Azl3 Gtk2 2.24.32-12 ON Azure Linux 3.0 +7 more

Timeline

PublishedJul 16

Description

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages10 packages

▶debiandebian/gtk+2.0< gtk+2.0 2.24.33-2+deb12u1 (bookworm)

▶debiandebian/gtk+3.0< gtk+2.0 2.24.33-2+deb12u1 (bookworm)

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

▶msrcmsrc/cbl_mariner_2.0_arm

🔴Vulnerability Details

OSV

CVE-2024-6655: A flaw was found in the GTK library↗2024-07-16

▶

GHSA

GHSA-v9xm-vjq4-6r8q: A flaw was found in the GTK library↗2024-07-16

▶

📋Vendor Advisories

Ubuntu

GTK vulnerability↗2024-07-16

▶

Microsoft

Gtk3: gtk2: library injection from cwd↗2024-07-09

▶

Red Hat

gtk3: gtk2: Library injection from CWD↗2024-06-15

▶

Debian

CVE-2024-6655: gtk+2.0 - A flaw was found in the GTK library. Under certain conditions, it is possible fo...↗2024

▶