CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11461

HIGH
7.8
CVSS Severity Score
EPSS Score0.1820%
EPSS Percentile38.26th
PublishedApr 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

Affected Platforms (CPE)

πŸ“¦
Gnome

Nautilus

>= 3.30 and < 3.30.6
πŸ“¦
Gnome

Nautilus

>= 3.32 and < 3.32.1

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html
πŸ”— https://gitlab.gnome.org/GNOME/nautilus/issues/987
πŸ”— https://security.gentoo.org/glsa/201908-27
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html
πŸ”— https://gitlab.gnome.org/GNOME/nautilus/issues/987
πŸ”— https://security.gentoo.org/glsa/201908-27

Related Vulnerabilities

CVE-2020-256608.8

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph ...

CVE-2017-124477.8

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial ...

CVE-2009-32897.8

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allo...

CVE-2017-91497.5

Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nau...