Filtered by vendor Gnome
Subscribe
Total
307 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11464 | 1 Gnome | 1 Librsvg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | |||||
CVE-2017-11171 | 1 Gnome | 1 Gnome-session | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. | |||||
CVE-2017-1000422 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | |||||
CVE-2017-1000159 | 1 Gnome | 1 Evince | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. | |||||
CVE-2017-1000083 | 3 Debian, Gnome, Redhat | 8 Debian Linux, Evince, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | |||||
CVE-2017-1000044 | 1 Gnome | 1 Gtk-vnc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | |||||
CVE-2017-1000025 | 1 Gnome | 1 Epiphany | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | |||||
CVE-2017-1000024 | 1 Gnome | 1 Shotwell | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | |||||
CVE-2016-9888 | 1 Gnome | 1 Libgsf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | |||||
CVE-2016-6855 | 4 Canonical, Fedoraproject, Gnome and 1 more | 6 Ubuntu Linux, Fedora, Eye Of Gnome and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | |||||
CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
CVE-2016-6163 | 1 Gnome | 1 Librsvg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. | |||||
CVE-2016-4348 | 3 Debian, Gnome, Opensuse | 4 Debian Linux, Librsvg, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | |||||
CVE-2016-20011 | 1 Gnome | 1 Libgrss | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | |||||
CVE-2016-10727 | 2 Canonical, Gnome | 2 Ubuntu Linux, Evolution | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. | |||||
CVE-2016-1000033 | 2 Gnome, Redhat | 2 Shotwell, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||||
CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
gdm3 3.14.2 and possibly later has an information leak before screen lock | |||||
CVE-2015-8875 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. | |||||
CVE-2015-7674 | 3 Canonical, Gnome, Opensuse | 3 Ubuntu Linux, Gdk-pixbuf, Opensuse | 2024-11-21 | 6.8 MEDIUM | N/A |
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. | |||||
CVE-2015-7673 | 2 Gnome, Opensuse | 2 Gdk-pixbuf, Opensuse | 2024-11-21 | 6.8 MEDIUM | N/A |
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. |