CVE-2019-11460

Priority
Description
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior
to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may
escape the bubblewrap sandbox used to confine thumbnailers by using the
TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's
controlling terminal, allowing an attacker to escape the sandbox if the
thumbnailer has a controlling terminal. This is due to improper filtering
of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
Assigned-to
mdeslaur
Notes
More Information

Updated: 2020-03-18 22:53:50 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)