PyPi: Gvsbuild

CVE-2022-3970

Transitive

Safety vulnerability ID: 52335

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 13, 2022 Updated at Dec 09, 2024
Scan your Python projects for vulnerabilities →

Advisory

Gvsbuild 2022.6.0 includes a fix for CVE-2022-3970, an integer overflow critical vulnerability affecting a C dependency (Libtiff).
https://github.com/wingtk/gvsbuild/pull/744/commits/652f23e9ef52bac8eb9bfad179f8b68ee90be08b

Affected package

gvsbuild

Latest version: 2024.12.0

GTK stack for Windows

Affected versions

Fixed versions

Vulnerability changelog

Changes

- Resolve linker out of memory errors with core limits danyeaw (759)
- Turn off Rich markup on log output danyeaw (757)
- Fix libxml2 missing meson.build error danyeaw (756)
- Update cmake to version 3.25.1 danyeaw (754)
- Update go to version 1.19.1 danyeaw (755)
- build(deps): bump lastversion from 2.4.7 to 2.4.8 (760)
- Update freerdp to version 2.9.0 danyeaw (753)
- Update nuget to version 6.4.0 danyeaw (752)
- Update GTK3 to version 3.24.35 danyeaw (751)
- Build GTK3 and GTK4 in Parallel danyeaw (745)
- Update cairo to 1.17.6, convert to meson danyeaw (749)
- Update meson to version 0.64.1 danyeaw (750)
- Update pycairo to version 1.23.0 danyeaw (746)
- Update pixman to version 0.42.2 danyeaw (748)
- Update pango to version 1.50.12 danyeaw (747)
- Move outdated command package versions to each tool saste (743)
- libtiff: add patch to fix cve 2022-3970 nacho (744)
- Update pkgconf to version 1.9.3 saste (742)
- Update gtk-pixbuf to version 2.42.10 danyeaw (740)
- libsoup2 and SQLite updates, other bugfixes danyeaw (741)
- Update cmake to version 3.25.0 danyeaw (739)
- Update pycairo to version 1.22.0 danyeaw (738)
- Update meson to version 0.64.0 danyeaw (737)
- Fix librsvg hash and gtksourceview dependencies danyeaw (736)
- Build both GTK3 and GTK4 with CI danyeaw (735)
- define tool versions saste (734)
- always define version in projects saste (732)
- mit_kerberos: update to 1.20.1 AlessandroBono (733)

Thanks again to AlessandroBono, danyeaw, nacho, saste and Stefano Sabatini! 🎉

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH