CVE-2025-2720: GNOME libgsf gsf_base64_encode_simple uninitialized variable
First published: Mon Mar 24 2025(Updated: )
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "len" valid bytes. The docs were updated to make that clear.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libgsf | <=1.14.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2720?
CVE-2025-2720 is classified as a problematic vulnerability affecting GNOME libgsf up to version 1.14.53.
How do I fix CVE-2025-2720?
To mitigate CVE-2025-2720, upgrade GNOME libgsf to a version later than 1.14.53.
What component is affected by CVE-2025-2720?
CVE-2025-2720 affects the function gsf_base64_encode_simple in GNOME libgsf.
What type of attack is associated with CVE-2025-2720?
CVE-2025-2720 requires a local attack approach to exploit the vulnerability.
What causes the vulnerability in CVE-2025-2720?
The vulnerability in CVE-2025-2720 is caused by the manipulation of an argument size leading to the use of an uninitialized variable.
- agent/weakness
- agent/title
- agent/author
- agent/references
- agent/type
- agent/first-publish-date
- agent/source
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/status
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- status/rejected
- vendor/gnome
- canonical/libgsf