{"id":"CVE-2019-12448","details":"An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.","modified":"2026-04-16T04:33:25.080987268Z","published":"2019-05-29T17:29:00.337Z","related":["ALSA-2020:1766","SUSE-SU-2019:1717-1","openSUSE-SU-2019:1697-1","openSUSE-SU-2019:1699-1","openSUSE-SU-2024:10838-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/07/09/3"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/"},{"type":"WEB","url":"https://usn.ubuntu.com/4053-1/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gvfs","events":[{"introduced":"8baec79ab9cb2cb86095b071f3a40f7f6a751ef6"},{"last_affected":"769d0b47a88eff3ca14d34346491b2961e17ecd5"}],"database_specific":{"versions":[{"introduced":"1.29.4"},{"last_affected":"1.41.2"}]}},{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gvfs","events":[{"introduced":"0"},{"fixed":"764e9af7522e3096c0f44613c330377d31c9bbb5"}]}],"versions":["1.10.0","1.11.3","1.11.4","1.11.5","1.12.0","1.12.1","1.13.0","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.13.9","1.14.0","1.15.0","1.15.1","1.15.2","1.15.3","1.15.4","1.16.0","1.17.0","1.17.1","1.17.2","1.17.3","1.17.90","1.18.0","1.18.1","1.18.2","1.19.1","1.19.2","1.19.3","1.19.4","1.19.5","1.19.90","1.20.0","1.21.1","1.21.2","1.21.3","1.21.4","1.21.90","1.21.92","1.22.0","1.23.1","1.23.2","1.23.3","1.23.4","1.23.90","1.23.92","1.24.0","1.25.1","1.25.2","1.25.3","1.25.4","1.25.4.1","1.25.90","1.25.91","1.25.92","1.26.0","1.26.1","1.26.1.1","1.26.2","1.27.3","1.27.4","1.27.90","1.27.91","1.27.92","1.28.0","1.28.1","1.29.1","1.29.2","1.29.3","1.29.4","1.29.90","1.29.91","1.29.92","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.30.0","1.31.1","1.31.2","1.31.3","1.31.4","1.31.90","1.31.91","1.31.92","1.32.0","1.33.1","1.33.3","1.33.90","1.33.91","1.33.92","1.34.0","1.35.1","1.35.2","1.35.3","1.35.4","1.35.90","1.35.91","1.35.92","1.36.0","1.37.1","1.37.2","1.37.4","1.37.90","1.37.91","1.38.0","1.39.1","1.39.3","1.39.4","1.39.90","1.39.91","1.39.92","1.4.0","1.40.0","1.41.1","1.41.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.7.3","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","GVFS_0_0_1","GVFS_0_0_2","GVFS_0_1_0","GVFS_0_1_1","GVFS_0_1_10","GVFS_0_1_11","GVFS_0_1_2","GVFS_0_1_3","GVFS_0_1_4","GVFS_0_1_5","GVFS_0_1_6","GVFS_0_1_7","GVFS_0_1_8","GVFS_0_1_9","GVFS_0_2_0","GVFS_0_2_0_1","GVFS_0_2_1","GVFS_0_2_2","GVFS_0_2_4","GVFS_0_99_1","GVFS_0_99_2","GVFS_0_99_3","GVFS_0_99_4","GVFS_0_99_5","GVFS_0_99_6","GVFS_0_99_7","GVFS_1_1_1","GVFS_1_1_2","GVFS_1_1_3","GVFS_1_1_4","GVFS_1_1_5","GVFS_1_1_6","GVFS_1_1_7","GVFS_1_1_8","GVFS_1_2_1","GVFS_1_2_2"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:42:22Z","vanir_signatures":[{"id":"CVE-2019-12448-01761545","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://gitlab.gnome.org/GNOME/gvfs@764e9af7522e3096c0f44613c330377d31c9bbb5","target":{"function":"do_query_info","file":"daemon/gvfsbackendadmin.c"},"digest":{"length":773,"function_hash":"64205853415753784691777204321902914954"}},{"id":"CVE-2019-12448-e179d761","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://gitlab.gnome.org/GNOME/gvfs@764e9af7522e3096c0f44613c330377d31c9bbb5","target":{"function":"g_vfs_backend_admin_class_init","file":"daemon/gvfsbackendadmin.c"},"digest":{"length":1119,"function_hash":"291059796769018686444836906707353406813"}},{"id":"CVE-2019-12448-f050b2e1","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://gitlab.gnome.org/GNOME/gvfs@764e9af7522e3096c0f44613c330377d31c9bbb5","target":{"file":"daemon/gvfsbackendadmin.c"},"digest":{"line_hashes":["311297455587774907855962067083164398497","159821582250461964802523482026195269832","270937666052168099032406307424124705197","33095720979665916866635273588156964988","73916177003641685572968591140627056112","332656857390928500311302951485446284836","84226649914448015677384007816104284654","261131885118531494386662365456571608686","52339659440160129562704502571484413363","84078518649844511327966423325267204388","238902368323565008389343359666231838667","26048367029313892980292964428037035416","121376657416069182452085665620582192829","45245116424484130822365010593564321323","301424330206445400309075934892548977298","20361328783718537714402279248129202220","82914833910798516239348283202884502264","199118256566142594638446583927416890716","101138217634126312805968218022546272616","95501412207501951921017769830748646769","61298520150532182576996182114698516357","121051268252090894768512230950998444713"],"threshold":0.9}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12448.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}