Unrated severityNVD Advisory· Published Aug 7, 2007· Updated Apr 23, 2026

CVE-2007-3381

Description

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Affected products

GNOME Foundation/Gdm35 versions
cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:gnome:gdm:*:*:*:*:*:*:*:*range: <=2.14.12
- cpe:2.3:a:gnome:gdm:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.14.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.18.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26313nvdVendor Advisory
secunia.com/advisories/26368nvdVendor Advisory
secunia.com/advisories/26520nvdVendor Advisory
secunia.com/advisories/26879nvdVendor Advisory
secunia.com/advisories/26900nvdVendor Advisory
www.vupen.com/english/advisories/2007/2781nvdVendor Advisory
ftp.gnome.org/pub/GNOME/sources/gdm/2.14/gdm-2.14.13.newsnvd
ftp.gnome.org/pub/GNOME/sources/gdm/2.16/gdm-2.16.7.changesnvd
ftp.gnome.org/pub/GNOME/sources/gdm/2.18/gdm-2.18.4.newsnvd
ftp.gnome.org/pub/GNOME/sources/gdm/2.19/gdm-2.19.5.newsnvd
security.gentoo.org/glsa/glsa-200709-11.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.redhat.com/support/errata/RHSA-2007-0777.htmlnvd
www.securityfocus.com/archive/1/475451/30/5550/threadednvd
www.securityfocus.com/bid/25191nvd
www.securitytracker.com/idnvd
issues.rpath.com/browse/RPL-1599nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10887nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000