Noticeinfo

⚠️ This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all. According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "len" valid bytes. The docs were updated to make that clear.

Productinfo

Vendor

• GNOME

Name

• libgsf

Version

• 1.14.0
• 1.14.1
• 1.14.2
• 1.14.3
• 1.14.4
• 1.14.5
• 1.14.6
• 1.14.7
• 1.14.8
• 1.14.9
• 1.14.10
• 1.14.11
• 1.14.12
• 1.14.13
• 1.14.14
• 1.14.15
• 1.14.16
• 1.14.17
• 1.14.18
• 1.14.19
• 1.14.20
• 1.14.21
• 1.14.22
• 1.14.23
• 1.14.24
• 1.14.25
• 1.14.26
• 1.14.27
• 1.14.28
• 1.14.29
• 1.14.30
• 1.14.31
• 1.14.32
• 1.14.33
• 1.14.34
• 1.14.35
• 1.14.36
• 1.14.37
• 1.14.38
• 1.14.39
• 1.14.40
• 1.14.41
• 1.14.42
• 1.14.43
• 1.14.44
• 1.14.45
• 1.14.46
• 1.14.47
• 1.14.48
• 1.14.49
• 1.14.50
• 1.14.51
• 1.14.52
• 1.14.53

License

• open-source

Website

• Vendor: https://www.gnome.org/

Timelineinfo

03/24/2025 🔍
03/24/2025 +0 days 🔍
03/27/2025 +3 days 🔍

Sourcesinfo

Vendor: gnome.org

False Positive: Yes
Disputed: 🔍

CVE: CVE-2025-2720 (🔍)
GCVE (CVE): GCVE-0-2025-2720
GCVE (VulDB): GCVE-100-300740
Misc.: 🔍

Entryinfo

Created: 03/24/2025 13:51
Updated: 03/27/2025 07:07
Changes: 03/24/2025 13:51 (52), 03/25/2025 09:29 (29), 03/27/2025 07:07 (4)
Complete: 🔍
Submitter: ninpwn
Cache ID: 216:D77:103

Submitinfo

Accepted

• Submit #520180: Open Source libgsf <=1.14.53 Uninitalized Heap Read (gsf_base64_encode_simple) (by ninpwn)

Discussion

Interested in the pricing of exploits?

See the underground prices here!