CVE-2024-36474

8.4 HIGH

📋 TL;DR

An integer overflow vulnerability in libgsf's Compound Document parser allows arbitrary code execution when processing malicious files. This affects applications using libgsf to handle Microsoft Office documents or other Compound Document Binary File formats. Users and systems processing untrusted files with vulnerable libgsf versions are at risk.

💻 Affected Systems

Products:
  • GNOME Structured File Library (libgsf)
Versions: up to and including v1.14.52
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any application that uses libgsf to parse Compound Document files (e.g., .doc, .xls, .ppt files). Common in GNOME desktop environments and document viewers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application using libgsf, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) or limited code execution depending on exploit sophistication and mitigations like ASLR.

🟢 If Mitigated

Application crash with no code execution if modern exploit mitigations are effective.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction: a user must open a malicious file. No public proof-of-concept has been disclosed in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.14.53 and later

Vendor Advisory: https://gitlab.gnome.org/GNOME/libgsf/-/issues/34

Restart Required: Yes

Instructions:

1. Update libgsf to version 1.14.53 or later using your distribution's package manager.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade libgsf-1-114
3. For Fedora/RHEL: sudo dnf update libgsf
4. Restart applications using libgsf.

🔧 Temporary Workarounds

Disable libgsf file parsing

linux

Configure applications to avoid using libgsf for parsing Compound Document files, if possible.

Use application sandboxing

linux

Run applications that process untrusted files in sandboxed environments (e.g., Flatpak, Snap, Firejail).

🧯 If You Can't Patch

  • Restrict file uploads and processing of untrusted Compound Document files (e.g., .doc, .xls) in vulnerable systems.
  • Implement strict file type validation and block suspicious files at network boundaries or application level.

🔍 How to Verify

Check if Vulnerable:

Check libgsf version: dpkg -l libgsf-1-114 or rpm -q libgsf. If version is 1.14.52 or earlier, it is vulnerable.

Check Version:

pkg-config --modversion libgsf-1.0

Verify Fix Applied:

Confirm libgsf version is 1.14.53 or later using the version check command.
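The version comparison above can be scripted for use across a fleet. The following is an added example, not part of the original advisory or of libgsf; the function names are hypothetical, the sample version strings are constructed, and it assumes version strings of the form [epoch:]major.minor.micro[-revision].

```shell
#!/bin/sh
# Added example: classify a libgsf version string against the fixed
# release named on this page (1.14.53). Function names are hypothetical.

# Reduce a package version to its upstream part, e.g.
#   "1:1.14.52-1ubuntu1" -> "1.14.52"   (constructed sample string)
upstream_version() {
    v=${1#*:}            # drop a leading epoch such as "1:"
    v=${v%%[!0-9.]*}     # drop everything from the first non-numeric char
    printf '%s\n' "$v"
}

# Print "vulnerable", "fixed" or "unknown" for one version string.
gsf_version_status() {
    v=$(upstream_version "$1")
    IFS=. read -r maj min mic rest <<EOF
$v
EOF
    # Refuse to guess when a component is missing or not a number.
    for part in "$maj" "$min" "$mic"; do
        case $part in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    # Compare numerically, component by component, against 1.14.53
    # (a plain string comparison would rank 1.14.9 above 1.14.53).
    if   [ "$maj" -ne 1 ];  then [ "$maj" -gt 1 ]  && echo fixed || echo vulnerable
    elif [ "$min" -ne 14 ]; then [ "$min" -gt 14 ] && echo fixed || echo vulnerable
    elif [ "$mic" -ge 53 ]; then echo fixed
    else echo vulnerable
    fi
}

# Classify the locally installed library using the page's pkg-config command.
check_installed() {
    ver=$(pkg-config --modversion libgsf-1.0 2>/dev/null) || ver=""
    echo "libgsf ${ver:-not found}: $(gsf_version_status "$ver")"
}
```

Distribution packages sometimes carry backported fixes under an older upstream version number, so confirm a "vulnerable" result against the distribution's own security advisory before acting on it.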

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or abnormal terminations when opening document files
  • Unexpected process spawns from document viewers

Network Indicators:

  • Inbound transfers of suspicious document files to vulnerable systems

SIEM Query:

source="application_logs" event_type="crash" process_name IN ("evince", "libreoffice", "gnome-documents")

🔗 References
