{"id":"CVE-2019-13012","details":"The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.","modified":"2026-04-11T08:55:53.080498Z","published":"2019-06-28T15:15:10.970Z","related":["ALSA-2021:1586","SUSE-SU-2019:1824-1","SUSE-SU-2019:1830-1","SUSE-SU-2019:1830-2","SUSE-SU-2019:1833-1","openSUSE-SU-2019:1749-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4049-2/"},{"type":"WEB","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4049-1/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190806-0003/"},{"type":"ADVISORY","url":"https://gitlab.gnome.org/GNOME/glib/issues/1658"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/glib/merge_requests/450"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/glib","events":[{"introduced":"4065bdd345719bc31876fc124766b6b8ad5a0f57"},{"fixed":"2d46dff03e725412f9b15cbd54a9d3b46f4be8cf"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"2.59.1"}]}},{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/glib","events":[{"introduced":"0"},{"fixed":"5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"}]}],"versions":["2.20.0","2.20.1","2.21.1","2.21.2","2.21.3","2.21.4","2.21.5","2.21.6","2.22.0","2.22.2","2.23.0","2.23.1","2.23.2","2.23.3","2.23.4","2.23.5","2.23.6","2.24.0","2.25.0","2.25.10","2.25.11","2.25.12","2.25.13","2.25.14","2.25.15","2.25.2","2.25.3","2.25.4","2.25.5","2.25.6","2.25.8","2.25.9","2.27.0","2.27.1","2.27.2","2.27.3","2.27.5","2.27.90","2.27.91","2.27.92","2.27.93","2.28.0","2.29.10","2.29.12","2.29.14","2.29.16","2.29.18","2.29.4","2.29.6","2.29.8","2.29.90","2.31.0","2.31.10","2.31.12","2.31.14","2.31.16","2.31.18","2.31.2","2.31.20","2.31.22","2.31.4","2.31.6","2.31.8","2.32.0","2.32.1","2.33.1","2.33.10","2.33.12","2.33.14","2.33.2","2.33.3","2.33.4","2.33.6","2.33.8","2.34.0","2.35.1","2.35.2","2.35.3","2.35.4","2.35.6","2.35.7","2.35.8","2.35.9","2.36.0","2.37.0","2.37.1","2.37.2","2.37.3","2.37.4","2.37.5","2.37.6","2.37.7","2.37.92","2.37.93","2.38.0","2.39.0","2.39.1","2.39.2","2.39.3","2.39.4","2.39.90","2.39.91","2.39.92","2.41.1","2.41.2","2.41.3","2.41.4","2.41.5","2.42.0","2.43.0","2.43.1","2.43.2","2.43.3","2.43.4","2.43.90","2.43.91","2.43.92","2.45.1","2.45.2","2.45.3","2.45.4","2.45.5","2.45.6","2.45.7","2.45.8","2.46.0","2.47.1","2.47.2","2.47.3","2.47.4","2.47.5","2.47.6","2.47.92","2.48.0","2.49.1","2.49.2","2.49.3","2.49.4","2.49.5","2.49.6","2.49.7","2.50.0","2.50.1","2.51.0","2.51.1","2.51.2","2.51.3","2.51.4","2.51.5","2.52.0","2.53.1","2.53.2","2.53.3","2.53.4","2.53.5","2.53.6","2.53.7","2.54.0","2.55.0","2.55.1","2.56.0","2.57.1","2.57.2","2.57.3","2.58.0","2.59.0","2.59.1","2.59.2","2.59.3","FOR_GNOME_0_99_1","GLIB_1_1_0","GLIB_1_1_1","GLIB_1_1_10","GLIB_1_1_11","GLIB_1_1_12","GLIB_1_1_13","GLIB_1_1_14","GLIB_1_1_15","GLIB_1_1_16","GLIB_1_1_2","GLIB_1_1_3","GLIB_1_1_3a","GLIB_1_1_4","GLIB_1_1_5","GLIB_1_1_6","GLIB_1_1_7","GLIB_1_1_8","GLIB_1_1_8a","GLIB_1_1_9","GLIB_1_2_0","GLIB_1_2_9PRE1","GLIB_1_3_0","GLIB_1_3_1","GLIB_1_3_10","GLIB_1_3_11","GLIB_1_3_12","GLIB_1_3_13","GLIB_1_3_14","GLIB_1_3_15","GLIB_1_3_2","GLIB_1_3_3","GLIB_1_3_4","GLIB_1_3_5","GLIB_1_3_6","GLIB_1_3_7","GLIB_1_3_8","GLIB_1_3_9","GLIB_2_0_0","GLIB_2_0_0_RC1","GLIB_2_0_1","GLIB_2_10_0","GLIB_2_10_1","GLIB_2_11_0","GLIB_2_11_1","GLIB_2_11_2","GLIB_2_11_3","GLIB_2_11_4","GLIB_2_12_0","GLIB_2_12_1","GLIB_2_12_2","GLIB_2_13_0","GLIB_2_13_1","GLIB_2_13_2","GLIB_2_13_3","GLIB_2_13_5","GLIB_2_13_6","GLIB_2_13_7","GLIB_2_14_0","GLIB_2_14_1","GLIB_2_14_2","GLIB_2_14_3","GLIB_2_15_1","GLIB_2_15_2","GLIB_2_15_3","GLIB_2_15_4","GLIB_2_15_5","GLIB_2_15_6","GLIB_2_16_1","GLIB_2_17_0","GLIB_2_17_1","GLIB_2_17_2","GLIB_2_17_3","GLIB_2_17_4","GLIB_2_17_5","GLIB_2_17_6","GLIB_2_17_7","GLIB_2_18_0","GLIB_2_18_1","GLIB_2_19_0","GLIB_2_19_1","GLIB_2_19_10","GLIB_2_19_2","GLIB_2_19_3","GLIB_2_19_4","GLIB_2_19_5","GLIB_2_19_6","GLIB_2_19_7","GLIB_2_19_8","GLIB_2_19_9","GLIB_2_1_3","GLIB_2_1_4","GLIB_2_1_5","GLIB_2_20_0","GLIB_2_2_0","GLIB_2_3_0","GLIB_2_3_1","GLIB_2_3_2","GLIB_2_3_3","GLIB_2_3_5","GLIB_2_3_6","GLIB_2_4_0","GLIB_2_4_1","GLIB_2_5_0","GLIB_2_5_1","GLIB_2_5_2","GLIB_2_5_3","GLIB_2_5_5","GLIB_2_5_6","GLIB_2_6_0","GLIB_2_6_1","GLIB_2_7_0","GLIB_2_7_1","GLIB_2_7_2","GLIB_2_7_3","GLIB_2_7_4","GLIB_2_7_5","GLIB_2_7_6","GLIB_2_7_7","GLIB_2_8_0","GLIB_2_8_1","GLIB_2_9_0","GLIB_2_9_1","GLIB_2_9_2","GLIB_2_9_3","GLIB_2_9_4","GLIB_2_9_5","GLIB_2_9_6","GLIB_GNOME_0_99_1","GLIB_VERSION_1_1_3","GNOME_PRINT_0_24","GOBJECT_GType_guint","GTK_2_5_4","GTK_2_7_4","GTK_ALL_1_3_6","PRE_CLEANUP","R_2_0_core","glib-2-0-branchpoint","glib-2-10-branchpoint","glib-2-12-branchpoint","glib-2-2-branchpoint","glib-2-4-branchpoint","glib-2-6-branchpoint","glib-2.25.7","gobject_0_10_0","gobject_0_9_0","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13012.json","vanir_signatures_modified":"2026-04-11T08:55:53Z","vanir_signatures":[{"digest":{"function_hash":"206605126152140042186476457105825432619","length":297},"source":"https://gitlab.gnome.org/GNOME/glib@5e4da714f00f6bfb2ccd6d73d61329c6f3a08429","target":{"function":"g_keyfile_settings_backend_keyfile_write","file":"gio/gkeyfilesettingsbackend.c"},"signature_type":"Function","id":"CVE-2019-13012-20d86715","deprecated":false,"signature_version":"v1"},{"digest":{"function_hash":"35504247401058893049625118715721596264","length":917},"source":"https://gitlab.gnome.org/GNOME/glib@5e4da714f00f6bfb2ccd6d73d61329c6f3a08429","target":{"function":"g_keyfile_settings_backend_constructed","file":"gio/gkeyfilesettingsbackend.c"},"signature_type":"Function","id":"CVE-2019-13012-e5ed4a77","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["52113572213279302410160458986699814866","224404247974226898390717468373307870903","142114796797454760707182356979768609955","154898358861433275861779533176990407539","75167872904641019238416415385927650658","215833425520010456987160222434244676289","36439815861384971731409604690581811993","226039682951575096948201118831603433131"],"threshold":0.9},"source":"https://gitlab.gnome.org/GNOME/glib@5e4da714f00f6bfb2ccd6d73d61329c6f3a08429","target":{"file":"gio/gkeyfilesettingsbackend.c"},"signature_type":"Line","id":"CVE-2019-13012-e6c09a32","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}