Noticeinfo

⚠️ Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all. The code maintainer explains that "[the] call is invalid [because] p_n_param is an input-output parameter indicating how big an array has already been allocated.

Productinfo

Vendor

• GNOME

Name

• libgsf

Version

• 1.14.0
• 1.14.1
• 1.14.2
• 1.14.3
• 1.14.4
• 1.14.5
• 1.14.6
• 1.14.7
• 1.14.8
• 1.14.9
• 1.14.10
• 1.14.11
• 1.14.12
• 1.14.13
• 1.14.14
• 1.14.15
• 1.14.16
• 1.14.17
• 1.14.18
• 1.14.19
• 1.14.20
• 1.14.21
• 1.14.22
• 1.14.23
• 1.14.24
• 1.14.25
• 1.14.26
• 1.14.27
• 1.14.28
• 1.14.29
• 1.14.30
• 1.14.31
• 1.14.32
• 1.14.33
• 1.14.34
• 1.14.35
• 1.14.36
• 1.14.37
• 1.14.38
• 1.14.39
• 1.14.40
• 1.14.41
• 1.14.42
• 1.14.43
• 1.14.44
• 1.14.45
• 1.14.46
• 1.14.47
• 1.14.48
• 1.14.49
• 1.14.50
• 1.14.51
• 1.14.52
• 1.14.53

License

• open-source

Website

• Vendor: https://www.gnome.org/

Timelineinfo

03/24/2025 🔍
03/24/2025 +0 days 🔍
04/22/2025 +29 days 🔍

Sourcesinfo

Vendor: gnome.org

False Positive: Yes

CVE: CVE-2025-2722 (🔍)
GCVE (CVE): GCVE-0-2025-2722
GCVE (VulDB): GCVE-100-300742

Entryinfo

Created: 03/24/2025 13:51
Updated: 04/22/2025 14:30
Changes: 03/24/2025 13:51 (52), 03/25/2025 09:29 (29), 04/22/2025 14:30 (2)
Complete: 🔍
Submitter: ninpwn
Cache ID: 216:F62:103

Submitinfo

Accepted

• Submit #520182: Open Source libgsf <=1.14.53 Integer Overflow -> Heap Overflow (gsf_prop_settings_collect_va) (by ninpwn)

Discussion

Want to know what is going to be exploited?

We predict KEV entries!