{"id":"CVE-2022-37290","details":"GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.","modified":"2026-04-16T04:38:15.747611327Z","published":"2022-11-14T08:15:09.387Z","related":["SUSE-SU-2022:4393-1","SUSE-SU-2022:4394-1","SUSE-SU-2023:0006-1","openSUSE-SU-2024:13503-1"],"references":[{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/nautilus/-/tree/master"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PX5CVF4FAHFA6UNKHFBBLOP2NUMIQJAY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYPDZ7LBBUVU3WFK7DCGDFGK2GXTKGT5/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/nautilus","events":[{"introduced":"0"},{"last_affected":"6a9ee939f5419262d7d0ce720572805f5f64569b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"42.2"}]}}],"versions":["2.27.2","2.27.4","2.27.91","2.27.92","2.28.0","2.29.1","2.29.2","2.29.90","2.29.91","2.29.92","2.29.92.1","2.30.0","2.30.1","2.31.1","2.31.2","2.31.3","2.31.4","2.31.5","2.90.1","2.91.0","2.91.0.1","2.91.1","2.91.2","2.91.3","2.91.4","2.91.5","2.91.6","2.91.7","2.91.8","2.91.9","2.91.90","2.91.90.1","2.91.91","2.91.92","2.91.93","2.91.94","3.0.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.90","3.1.92","3.10.0","3.11.2","3.11.3","3.11.90","3.11.92","3.12.0","3.13.1","3.13.2","3.13.90","3.13.91","3.13.92","3.14.0","3.15.4","3.15.90","3.15.91","3.15.92","3.16.0","3.17.2","3.17.3","3.17.90","3.17.91","3.18.0","3.18.1","3.19.2","3.2.0","3.21.91.1","3.21.92","3.22.0.1","3.22.1","3.23.91","3.23.92","3.24.0","3.25.1","3.25.92","3.26.0","3.27.2","3.27.4","3.27.92","3.27.92.1","3.29.90","3.29.90.1","3.29.92","3.3.1.1","3.3.3","3.3.4","3.3.5","3.3.90","3.3.91","3.3.92","3.30.0","3.31.90","3.32.0","3.33.90","3.34.0","3.35.2","3.35.91","3.35.91.1","3.35.92","3.36.0","3.37.1","3.37.1.1","3.37.2","3.37.3","3.37.90","3.37.91","3.37.92","3.38.0","3.38.1","3.4.0","3.5.1","3.5.2","3.5.3","3.5.4","3.5.5","3.5.90","3.5.91","3.5.92","3.6.0","3.9.3","3.9.90","3.9.91","3.9.92","40","40.0","40.1","40.alpha","40.beta","40.rc","41.0","41.1","41.alpha","41.beta","41.rc","42.0","42.1","42.1.1","42.2","42.alpha","42.beta","42.rc","BONOBO_SLAY_BRANCHPOINT","DROOLING_MACAQUE","EAZEL-NAUTILUS-MS-AUG07","EAZEL-NAUTILUS-MS-JUL12","EAZEL-NAUTILUS-MS-JULY_5","EAZEL_DEMO_1_ANCHOR","EAZEL_NAUTILUS_DEMO_2_ANCHOR","FOR_GNOME_0_99_1","GGV_0_61","GNOME_0_20","GNOME_0_20a","GNOME_0_25","GNOME_0_27","GNOME_0_28_MARTIN","GNOME_0_30","GNOME_0_99_2","GNOME_0_99_3","GNOME_0_99_7","GNOME_0_99_8","GNOME_0_99_8_1","GNOME_2_0_BRANCHPOINT","GNOME_2_10_BRANCHPOINT","GNOME_2_12_BRANCHPOINT","GNOME_2_14_BRANCHPOINT","GNOME_2_16_BRANCHPOINT","GNOME_2_2_BRANCHPOINT","GNOME_2_4_BRANCHPOINT","GNOME_2_6_BRANCHPOINT","GNOME_CORE_1_0_0_1","GNOME_CORE_1_0_1","GNOME_CORE_1_0_3","GNOME_CORE_1_0_4","GNOME_CORE_1_0_5","GNOME_CORE_1_0_6","GNOME_CORE_1_0_7","GNOME_CORE_1_0_8","GNOME_CORE_1_0_9","GNOME_CORE_1_0_ANCHOR","GNOME_CORE_1_1_0","GNOME_STABLE_ANCHOR","INITIAL","INSTALLER_PR3_ANCHOR","MULTIHEAD_BRANCHPOINT","NAUTILUS-NEW-UIH-BRANCH_ANCHOR","NAUTILUS_0_8_2","NAUTILUS_1_0_3","NAUTILUS_1_0_4","NAUTILUS_1_0_5","NAUTILUS_1_1_1","NAUTILUS_1_1_10","NAUTILUS_1_1_11","NAUTILUS_1_1_12","NAUTILUS_1_1_13","NAUTILUS_1_1_14","NAUTILUS_1_1_15","NAUTILUS_1_1_16","NAUTILUS_1_1_17","NAUTILUS_1_1_18","NAUTILUS_1_1_19","NAUTILUS_1_1_2","NAUTILUS_1_1_3","NAUTILUS_1_1_4","NAUTILUS_1_1_5","NAUTILUS_1_1_6","NAUTILUS_1_1_8","NAUTILUS_1_1_9","NAUTILUS_1_ANCHOR","NAUTILUS_2_0_1","NAUTILUS_2_0_2","NAUTILUS_2_0_3","NAUTILUS_2_0_4","NAUTILUS_2_0_6","NAUTILUS_2_10_0","NAUTILUS_2_11_1","NAUTILUS_2_11_2","NAUTILUS_2_11_3","NAUTILUS_2_11_4","NAUTILUS_2_11_90","NAUTILUS_2_11_91","NAUTILUS_2_11_92","NAUTILUS_2_12_0","NAUTILUS_2_12_1","NAUTILUS_2_13_1","NAUTILUS_2_13_2","NAUTILUS_2_13_3","NAUTILUS_2_13_4","NAUTILUS_2_13_90","NAUTILUS_2_13_91","NAUTILUS_2_13_92","NAUTILUS_2_14_0","NAUTILUS_2_14_1","NAUTILUS_2_15_1","NAUTILUS_2_15_2","NAUTILUS_2_15_4","NAUTILUS_2_15_90","NAUTILUS_2_15_91","NAUTILUS_2_15_92","NAUTILUS_2_15_92_1","NAUTILUS_2_16_0","NAUTILUS_2_16_1","NAUTILUS_2_16_2","NAUTILUS_2_16_3","NAUTILUS_2_17_1","NAUTILUS_2_17_91","NAUTILUS_2_17_92","NAUTILUS_2_18_0","NAUTILUS_2_18_0_1","NAUTILUS_2_19_2","NAUTILUS_2_19_3","NAUTILUS_2_19_4","NAUTILUS_2_19_5","NAUTILUS_2_19_6","NAUTILUS_2_19_90","NAUTILUS_2_19_91","NAUTILUS_2_1_0","NAUTILUS_2_1_1","NAUTILUS_2_1_2","NAUTILUS_2_1_3","NAUTILUS_2_1_5","NAUTILUS_2_1_6","NAUTILUS_2_1_91","NAUTILUS_2_20_0","NAUTILUS_2_21_2","NAUTILUS_2_21_5","NAUTILUS_2_21_6","NAUTILUS_2_21_90","NAUTILUS_2_21_91","NAUTILUS_2_21_92","NAUTILUS_2_22_0","NAUTILUS_2_22_1","NAUTILUS_2_23_2","NAUTILUS_2_23_3","NAUTILUS_2_23_4","NAUTILUS_2_23_5","NAUTILUS_2_23_5_1","NAUTILUS_2_23_6","NAUTILUS_2_23_6_1","NAUTILUS_2_23_90","NAUTILUS_2_23_91","NAUTILUS_2_23_92","NAUTILUS_2_24_0","NAUTILUS_2_25_1","NAUTILUS_2_25_2","NAUTILUS_2_25_3","NAUTILUS_2_25_4","NAUTILUS_2_25_91","NAUTILUS_2_25_92","NAUTILUS_2_25_93","NAUTILUS_2_26_0","NAUTILUS_2_26_1","NAUTILUS_2_26_2","NAUTILUS_2_27_1","NAUTILUS_2_2_0","NAUTILUS_2_2_0_1","NAUTILUS_2_2_0_2","NAUTILUS_2_2_1","NAUTILUS_2_2_2","NAUTILUS_2_2_3","NAUTILUS_2_3_1","NAUTILUS_2_3_2","NAUTILUS_2_3_3","NAUTILUS_2_3_4","NAUTILUS_2_3_5","NAUTILUS_2_3_6","NAUTILUS_2_3_7","NAUTILUS_2_3_8","NAUTILUS_2_3_9","NAUTILUS_2_3_90","NAUTILUS_2_4_0","NAUTILUS_2_5_0","NAUTILUS_2_5_1","NAUTILUS_2_5_1_1","NAUTILUS_2_5_2","NAUTILUS_2_5_3","NAUTILUS_2_5_5","NAUTILUS_2_5_6","NAUTILUS_2_5_7","NAUTILUS_2_5_8","NAUTILUS_2_5_90","NAUTILUS_2_5_91","NAUTILUS_2_6_0","NAUTILUS_2_6_1","NAUTILUS_2_6_2","NAUTILUS_2_6_BRANCHPOINT","NAUTILUS_2_7_2","NAUTILUS_2_7_4","NAUTILUS_2_7_92","NAUTILUS_2_8_0","NAUTILUS_2_8_1","NAUTILUS_2_8_2","NAUTILUS_2_9_1","NAUTILUS_2_9_2","NAUTILUS_2_9_90","NAUTILUS_2_9_91","NAUTILUS_2_9_92","NAUTILUS_BEFORE_REMOVING_HELP_COMPONENT","NAUTILUS_EXTENSIONS_BRANCHPOINT","NAUTILUS_EXTENSIONS_MERGEPOINT_1","NAUTILUS_NEW_MIME_BRANCHPOINT","NAUTILUS_PR2_ANCHOR","NAUTILUS_PR3_ANCHOR","NAUTILUS_SEARCH2_MERGE_ANCHOR1","NAUTILUS_SEARCH2_MERGE_ANCHOR2","NAUTILUS_SEARCH_BRANCH_ANCHOR","NAUTILUS_SPATIAL_PLAYGROUND_BRANCHPOINT","NAUTILUS_UIH_MERGE_BASE","NEW_ICON_FACTORY_BRANCHPOINT","NEW_SIDE_PANE_BRANCHPOINT","PANTING_CHIMPANZEE","POST_1_0_MERGE","PRE_1_0_MERGE","PRE_PANEL2","RAK_SOUNDVIEW_ANCHOR","REDHAT_MERGE_BRANCHPOINT","REDHAT_OUTSTANDING_PATCHES_BRANCHPOINT","V0_0","XIMIAN_SMB_ANCHOR","XIMIAN_SUN_DELIVERY_1_MERGE","before-trilobite-move","mjs_pre_great_renaming","nautilus_ms_may_31","pre-mjs-demo-bugfixes"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37290.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}