CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12450

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile12.96th
PublishedMay 29, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Affected Platforms (CPE)

πŸ“¦
Gnome

Glib

>= 2.15.0 and <= 2.61.1
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Redhat

Enterprise Linux

= 8.0
πŸ’»
Redhat

Enterprise Linux Eus

= 8.1
πŸ’»
Redhat

Enterprise Linux Eus

= 8.2
πŸ’»
Redhat

Enterprise Linux Eus

= 8.4
πŸ’»
Redhat

Enterprise Linux Eus

= 8.6
πŸ’»
Redhat

Enterprise Linux Server Aus

= 8.2
πŸ’»
Redhat

Enterprise Linux Server Aus

= 8.4
πŸ’»
Redhat

Enterprise Linux Server Aus

= 8.6
πŸ’»
Redhat

Enterprise Linux Server Tus

= 8.2
πŸ’»
Redhat

Enterprise Linux Server Tus

= 8.4
πŸ’»
Redhat

Enterprise Linux Server Tus

= 8.6
πŸ’»
Canonical

Ubuntu Linux

= 12.04
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 18.10
πŸ’»
Canonical

Ubuntu Linux

= 19.04
πŸ’»
Opensuse

Leap

= 15.0
πŸ’»
Fedoraproject

Fedora

= 30

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html
πŸ”— https://access.redhat.com/errata/RHSA-2019:3530
πŸ”— https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
πŸ”— https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/
πŸ”— https://security.netapp.com/advisory/ntap-20190606-0003/
πŸ”— https://usn.ubuntu.com/4014-1/
πŸ”— https://usn.ubuntu.com/4014-2/

Related Vulnerabilities

CVE-2018-164289.8

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

CVE-2020-354577.8

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: ...

CVE-2021-408277.8

Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move,...

CVE-2009-32897.8

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allo...