CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-12450

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile12.96th
Published2019年5月29日
Last Modified2024年11月21日

Vulnerability Description

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Affected Platforms (CPE)

📦
Gnome

Glib

>= 2.15.0 and <= 2.61.1
💻
Debian

Debian Linux

= 8.0
💻
Redhat

Enterprise Linux

= 8.0
💻
Redhat

Enterprise Linux Eus

= 8.1
💻
Redhat

Enterprise Linux Eus

= 8.2
💻
Redhat

Enterprise Linux Eus

= 8.4
💻
Redhat

Enterprise Linux Eus

= 8.6
💻
Redhat

Enterprise Linux Server Aus

= 8.2
💻
Redhat

Enterprise Linux Server Aus

= 8.4
💻
Redhat

Enterprise Linux Server Aus

= 8.6
💻
Redhat

Enterprise Linux Server Tus

= 8.2
💻
Redhat

Enterprise Linux Server Tus

= 8.4
💻
Redhat

Enterprise Linux Server Tus

= 8.6
💻
Canonical

Ubuntu Linux

= 12.04
💻
Canonical

Ubuntu Linux

= 14.04
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 18.04
💻
Canonical

Ubuntu Linux

= 18.10
💻
Canonical

Ubuntu Linux

= 19.04
💻
Opensuse

Leap

= 15.0
💻
Fedoraproject

Fedora

= 30

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html
🔗 https://access.redhat.com/errata/RHSA-2019:3530
🔗 https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
🔗 https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/
🔗 https://security.netapp.com/advisory/ntap-20190606-0003/
🔗 https://usn.ubuntu.com/4014-1/
🔗 https://usn.ubuntu.com/4014-2/

関連する脆弱性情報

CVE-2018-164289.8

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

CVE-2020-354577.8

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: ...

CVE-2021-408277.8

Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move,...

CVE-2009-32897.8

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allo...