Untriaged
Permalink
CVE-2024-6655
7.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Gtk3: gtk2: library injection from cwd
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
References
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- RHSA-2024:9184 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- RHSA-2024:9184 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- RHSA-2024:9184 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- RHSA-2024:9184 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://www.openwall.com/lists/oss-security/2024/09/09/1
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- RHSA-2024:9184 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://www.openwall.com/lists/oss-security/2024/09/09/1
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- RHSA-2024:9184 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
- RHSA-2024:6963 vendor-advisory x_refsource_REDHAT
- RHSA-2024:9184 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-6655 x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b…
- https://www.openwall.com/lists/oss-security/2024/09/09/1
- https://access.redhat.com/security/cve/CVE-2024-6655 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2297098 issue-tracking x_refsource_REDHAT x_transferred
- https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b… x_transferred
- http://www.openwall.com/lists/oss-security/2024/09/09/1
Affected products
gtk
- <3.24.43
gtk2
gtk3
- *
gtk4
gimp:flatpak/gtk2
inkscape:flatpak/gtk2
Matching in nixpkgs
pkgs.lazarus
Graphical IDE for the FreePascal language
-
nixos-unstable -
- nixpkgs-unstable gtk2-4.0-0
pkgs.viewnior
Fast and simple image viewer
-
nixos-unstable -
- nixpkgs-unstable gtk3-1.8-unstable-2023-11-23
pkgs.pcmanx-gtk2
Telnet BBS browser with GTK interface
-
nixos-unstable -
- nixpkgs-unstable gtk2-1.3
pkgs.emacs30-gtk3
Extensible, customizable GNU text editor
-
nixos-unstable -
- nixpkgs-unstable gtk3-30.2
pkgs.pinentry-gtk2
GnuPG’s interface to passphrase input
-
nixos-unstable -
- nixpkgs-unstable gtk2-1.3.2
pkgs.libportal-gtk3
Flatpak portal library
-
nixos-unstable -
- nixpkgs-unstable gtk3-0.9.1
pkgs.ventoy-full-gtk
New Bootable USB Solution with GUI support
-
nixos-unstable -
- nixpkgs-unstable gtk3-1.1.07
pkgs.libindicator-gtk2
Set of symbols and convenience functions for Ayatana indicators
-
nixos-unstable -
- nixpkgs-unstable gtk2-12.10.1
pkgs.libindicator-gtk3
Set of symbols and convenience functions for Ayatana indicators
-
nixos-unstable -
- nixpkgs-unstable gtk3-12.10.1
pkgs.rubyPackages.gtk3
None
-
nixos-unstable -
- nixpkgs-unstable gtk3-4.3.3
pkgs.kdePackages.qt6gtk2
GTK+2.0 integration plugins for Qt6
-
nixos-unstable -
- nixpkgs-unstable 0.5
pkgs.qt6Packages.qt6gtk2
GTK+2.0 integration plugins for Qt6
-
nixos-unstable -
- nixpkgs-unstable 0.5
pkgs.haskellPackages.gtk3
Binding to the Gtk+ 3 graphical user interface library
-
nixos-unstable -
- nixpkgs-unstable 0.15.10
pkgs.libappindicator-gtk2
Library to allow applications to export a menu into the Unity Menu bar
-
nixos-unstable -
- nixpkgs-unstable gtk2-12.10.1+20.10.20200706.1
pkgs.libappindicator-gtk3
Library to allow applications to export a menu into the Unity Menu bar
-
nixos-unstable -
- nixpkgs-unstable gtk3-12.10.1+20.10.20200706.1
pkgs.rubyPackages_3_1.gtk3
None
-
nixos-unstable -
- nixpkgs-unstable gtk3-4.3.3
pkgs.rubyPackages_3_2.gtk3
None
-
nixos-unstable -
- nixpkgs-unstable gtk3-4.3.3
pkgs.rubyPackages_3_3.gtk3
None
-
nixos-unstable -
- nixpkgs-unstable gtk3-4.3.3
pkgs.rubyPackages_3_4.gtk3
None
-
nixos-unstable -
- nixpkgs-unstable gtk3-4.3.3
pkgs.haskellPackages.gi-gtk3
Gtk 3.x bindings
-
nixos-unstable -
- nixpkgs-unstable gtk3-3.0.44
pkgs.sbclPackages.cl-gtk2-gdk
None
-
nixos-unstable -
- nixpkgs-unstable gtk2-gdk-20211020-git
pkgs.sbclPackages.cl-gtk2-glib
None
-
nixos-unstable -
- nixpkgs-unstable gtk2-glib-20211020-git
pkgs.haskellPackages.Chart-gtk3
Utility functions for using the chart library with GTK
-
nixos-unstable -
- nixpkgs-unstable gtk3-1.9.3
pkgs.indicator-application-gtk2
Indicator to take menus from applications and place them in the panel (GTK 2 library for Xfce/LXDE)
-
nixos-unstable -
- nixpkgs-unstable gtk2-12.10.0.1
pkgs.indicator-application-gtk3
Indicator to take menus from applications and place them in the panel
-
nixos-unstable -
- nixpkgs-unstable gtk3-12.10.1
pkgs.sbclPackages.cl-gtk2-pango
None
-
nixos-unstable -
- nixpkgs-unstable gtk2-pango-20211020-git
pkgs.haskellPackages.gtk2hs-cast-glib
A type class for cast functions of Gtk2hs: glib package
-
nixos-unstable -
- nixpkgs-unstable 0.10.1.1
pkgs.haskellPackages.gtk2hs-buildtools
Tools to build the Gtk2Hs suite of User Interface libraries
-
nixos-unstable -
- nixpkgs-unstable 0.13.12.0
pkgs.gnomeExtensions.adw-gtk3-colorizer
Colorize adw-gtk3 straight from your system color accents.
-
nixos-unstable -
- nixpkgs-unstable gtk3-colorizer-2
pkgs.haskellPackages.gtk3-mac-integration
Bindings for the Gtk/OS X integration library
-
nixos-unstable -
- nixpkgs-unstable 0.3.4.0
pkgs.haskellPackages.webkit2gtk3-javascriptcore
JavaScriptCore FFI from webkitgtk
-
nixos-unstable -
- nixpkgs-unstable 0.14.4.6
pkgs.gnomeExtensions.legacy-gtk3-theme-scheme-auto-switcher
Change the GTK3 theme to light/dark variant based on the system color scheme
-
nixos-unstable -
- nixpkgs-unstable gtk3-theme-scheme-auto-switcher-10
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22appindicator-0.1%22
Test whether libappindicator-gtk2-12.10.1+20.10.20200706.1 exposes pkg-config modules appindicator-0.1
-
nixos-unstable -
- nixpkgs-unstable gtk2
pkgs.tests.pkg-config.defaultPkgConfigPackages.%22appindicator3-0.1%22
Test whether libappindicator-gtk3-12.10.1+20.10.20200706.1 exposes pkg-config modules appindicator3-0.1
-
nixos-unstable -
- nixpkgs-unstable gtk3
Package maintainers
-
@normalcea normalcea <normalc@posteo.net>
-
@Gliczy Gliczy
-
@ciferkey Matthew Brunelle <ciferkey@gmail.com>
-
@lovek323 Jason O'Conal <jason@oconal.id.au>
-
@adisbladis Adam Hose <adisbladis@gmail.com>
-
@matthewbauer Matthew Bauer <mjbauer95@gmail.com>
-
@AndersonTorres Anderson Torres <torres.anderson.85@protonmail.com>
-
@jwiegley John Wiegley <johnw@newartisans.com>
-
@panchoh pancho horrillo <pancho@pancho.name>
-
@honnip Jung seungwoo <me@honnip.page>
-
@msteen Matthijs Steen <emailmatthijs@gmail.com>
-
@Misterio77 Gabriel Fontes <eu@misterio.me>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@sifmelcara Ming Chuan <ming@culpring.com>
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@lukego Luke Gorrie <luke@snabb.co>
-
@hraban Hraban Luyat <hraban@0brg.net>
-
@Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
-
@nagy Daniel Nagy <danielnagy@posteo.de>
-
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
-
@Artturin Artturi N <artturin@artturin.com>
-
@sergei-mironov Sergey Mironov <grrwlf@gmail.com>