VDB
CVE-2019-11461
CVE-2019-11461
PUBLISHED
CVSS 4.400000095367432 MEDIUM
An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
EPSS 0.05% · 16.8th percentile
Risk Scores
CVSS 2.0
4.400000095367432
EPSS Score
0.05%
16.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gnome | nautilus | 3.30, 3.32 |
Timeline
- Apr 22, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://gitlab.gnome.org/GNOME/nautilus/issues/987 url
- GLSA-201908-27 vendor-advisory
- openSUSE-SU-2019:2038 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-11461 advisory