CVE-2025-2724 - Vulnerability Details

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sorting_key_new which adds that extra zero element".

Published: 2025-03-25

Score: 3.3 Low

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-8044	A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-2724
https://vuldb.com/?ctiid.300744
https://vuldb.com/?id.300744
https://vuldb.com/?submit.520184
https://www.cve.org/CVERecord?id=CVE-2025-2724
https://www.gnome.org/

History

Wed, 18 Jun 2025 16:00:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Low`	threat_severity `None`

Tue, 22 Apr 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV2_0 `{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Tue, 22 Apr 2025 13:15:00 +0000

Type	Values Removed	Values Added
Title	GNOME libgsf sorting_key_copy out-of-bounds	libgsf: GNOME libgsf sorting_key_copy out-of-bounds
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Apr 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The code maintainer explains that "the only way to get an object of type GsfMSOleSortingKey is via gsf_msole_sorting_key_new which adds that extra zero element".
Metrics	cvssV3_0 `{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 26 Mar 2025 02:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-2724 https://www.cve.org/CVERecord?id=CVE-2025-2724
Metrics	threat_severity `None`	threat_severity `Low`

Tue, 25 Mar 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 25 Mar 2025 01:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.
Title		GNOME libgsf sorting_key_copy out-of-bounds
Weaknesses		CWE-119 CWE-125
References		https://vuldb.com/?ctiid.300744 https://vuldb.com/?id.300744 https://vuldb.com/?submit.520184 https://www.gnome.org/
Metrics		cvssV2_0 `{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N'}` cvssV3_0 `{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: VulDB

Published: 2025-03-25T01:31:04.182Z

Updated: 2025-04-22T12:25:39.888Z

Reserved: 2025-03-24T12:46:34.800Z

Link: CVE-2025-2724

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-03-25T02:15:14.143

Modified: 2025-04-22T13:15:43.203

Link: CVE-2025-2724

Redhat

Severity :

Publid Date: 2025-03-25T01:31:04Z

Links: CVE-2025-2724 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object