Filtered by vendor Gnome
Subscriptions
Total
331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37290 | 2 Fedoraproject, Gnome | 2 Fedora, Nautilus | 2025-05-01 | 5.5 Medium |
| GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | ||||
| CVE-2020-29385 | 3 Canonical, Fedoraproject, Gnome | 3 Ubuntu Linux, Fedora, Gdk-pixbuf | 2025-04-29 | 5.5 Medium |
| GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. | ||||
| CVE-2017-7961 | 1 Gnome | 1 Libcroco | 2025-04-20 | 7.8 High |
| The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components. | ||||
| CVE-2017-11590 | 1 Gnome | 1 Libgxps | 2025-04-20 | N/A |
| There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2017-2862 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2025-04-20 | 7.8 High |
| An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. | ||||
| CVE-2017-8871 | 2 Gnome, Opensuse | 2 Libcroco, Leap | 2025-04-20 | 6.5 Medium |
| The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | ||||
| CVE-2017-1000159 | 1 Gnome | 1 Evince | 2025-04-20 | N/A |
| Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. | ||||
| CVE-2017-11171 | 1 Gnome | 1 Gnome-session | 2025-04-20 | N/A |
| Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. | ||||
| CVE-2017-14108 | 1 Gnome | 1 Gedit | 2025-04-20 | N/A |
| libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | ||||
| CVE-2017-5884 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gtk-vnc, Enterprise Linux | 2025-04-20 | N/A |
| gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | ||||
| CVE-2017-7960 | 1 Gnome | 1 Libcroco | 2025-04-20 | N/A |
| The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | ||||
| CVE-2017-1000044 | 1 Gnome | 1 Gtk-vnc | 2025-04-20 | N/A |
| gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | ||||
| CVE-2015-2675 | 2 Gnome, Redhat | 2 Librest, Enterprise Linux | 2025-04-20 | N/A |
| The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. | ||||
| CVE-2017-5885 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gtk-vnc, Enterprise Linux | 2025-04-20 | N/A |
| Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | ||||
| CVE-2017-8834 | 2 Gnome, Opensuse | 2 Libcroco, Leap | 2025-04-20 | 6.5 Medium |
| The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | ||||
| CVE-2017-11464 | 1 Gnome | 1 Librsvg | 2025-04-20 | N/A |
| A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | ||||
| CVE-2017-8288 | 1 Gnome | 1 Gnome-shell | 2025-04-20 | N/A |
| gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. | ||||
| CVE-2017-6313 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 7.1 High |
| Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | ||||
| CVE-2017-1000083 | 3 Debian, Gnome, Redhat | 9 Debian Linux, Evince, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | ||||
| CVE-2017-6314 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 5.5 Medium |
| The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | ||||