Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 881509 (CVE-2022-37290)

Summary: <gnome-base/nautilus-44.0: NULL pointer dereference via pasting crafted zip file
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376
Whiteboard: A3 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-16 15:54:11 UTC 
CVE-2022-37290:

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.

Potential patch: https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-19 06:11:24 UTC 
This has been fixed in 44.0 according to the tags for the relevant commits.