Vendor
GNOME Foundation
The GNOME Foundation is a non-profit organization based in Orinda, California, United States, that coordinates the work of the GNOME project. It pursues the project's goal: a computing platform for the general public that is composed entirely of free software.
Founded 2000
Products
69
CVEs
198
Across products
1,644
Status
Private
Products
69 products (product names not shown). Per-product CVE counts, highest first: 268, 267, 159, 121, 109, 85, 81, 72, 63, 42, 41, 40, 35, 28, 22, 22, 21, 17, 14, 12, 11, 11, 9, 9, 8, 6, 5, 5, 3, 3, plus 39 more; see the CVE list below for full coverage.
Recent CVEs
198 CVEs in total; the 20 shown below are ordered by the Risk score.

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000044 | Critical | 0.64 | 9.8 | 0.02 | | Jul 17, 2017 | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering |
| CVE-2017-5885 | Critical | 0.64 | 9.8 | 0.01 | | Feb 28, 2017 | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. |
| CVE-2005-0102 | Critical | 0.64 | 9.8 | 0.01 | | Jan 24, 2005 | Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. |
| CVE-2017-8288 | High | 0.53 | 8.1 | 0.00 | | Apr 27, 2017 | gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. |
| CVE-2016-6855 | High | 0.52 | 7.5 | 0.03 | | Sep 7, 2016 | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. |
| CVE-2017-1000159 | High | 0.51 | 7.8 | 0.00 | | Nov 27, 2017 | Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. |
| CVE-2017-2870 | High | 0.51 | 7.8 | 0.02 | | Sep 5, 2017 | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. |
| CVE-2017-2862 | High | 0.51 | 7.8 | 0.05 | | Sep 5, 2017 | An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. |
| CVE-2017-7961 | High | 0.51 | 7.8 | 0.01 | | Apr 19, 2017 | The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components." |
| CVE-2017-5884 | High | 0.51 | 7.8 | 0.00 | | Feb 28, 2017 | gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. |
| CVE-2015-8875 | High | 0.51 | 7.8 | 0.01 | | Jun 1, 2016 | Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. |
| CVE-2009-3289 | High | 0.51 | 7.8 | 0.00 | | Sep 22, 2009 | The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. |
| CVE-2026-5201 | High | 0.49 | 7.5 | 0.01 | | Mar 31, 2026 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions. |
| CVE-2015-2675 | High | 0.49 | 7.5 | 0.03 | | Aug 18, 2017 | The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. |
| CVE-2017-11590 | High | 0.49 | 7.5 | 0.01 | | Jul 24, 2017 | There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-1000025 | High | 0.49 | 7.5 | 0.01 | | Jul 17, 2017 | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. |
| CVE-2017-1000024 | High | 0.49 | 7.5 | 0.00 | | Jul 17, 2017 | Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission |
| CVE-2017-6311 | High | 0.49 | 7.5 | 0.02 | | Mar 10, 2017 | gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. |
| CVE-2016-4348 | High | 0.49 | 7.5 | 0.03 | | May 20, 2016 | The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. |
| CVE-2015-7558 | High | 0.49 | 7.5 | 0.01 | | May 20, 2016 | librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. |
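Several entries above (CVE-2005-0102 in camel-lock-helper, and the gtk-vnc and gdk-pixbuf integer overflows) share one root cause: a length or size taken from untrusted input is used in arithmetic before it is validated. The following C snippet is an added illustration of that bug class and its fix; it is constructed for this page and is not code from Evolution, gtk-vnc, gdk-pixbuf or any other GNOME project. The wire format (a 4-byte big-endian signed length followed by the payload), the cap MAX_RECORD, and the function names plan_vulnerable, plan_hardened and read_record are all assumptions made for the example. The vulnerable variant only computes what it would allocate and copy, so it can be run without corrupting the heap; the hardened variant actually parses a record.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What a length-prefixed reader decides to do with one record.
 * Kept as a plan so the vulnerable variant can be exercised without
 * actually corrupting the heap. */
typedef struct {
    int ok;            /* 1 if the reader accepts the record */
    size_t alloc_len;  /* bytes it would allocate */
    size_t copy_len;   /* bytes it would then copy into that buffer */
} read_plan;

#define MAX_RECORD (1024u * 1024u)   /* assumed policy cap, 1 MiB */

/* Vulnerable pattern (constructed illustration, not camel-lock-helper's
 * code). The wire length is signed and only an upper bound is checked,
 * so len == -1 passes. len + 1 is then 0 (a zero-byte allocation) while
 * the copy length, converted to size_t, becomes SIZE_MAX: the memcpy
 * would run far past the buffer, as described for CVE-2005-0102. */
read_plan plan_vulnerable(int32_t len)
{
    read_plan p = {0, 0, 0};
    if (len > (int32_t)MAX_RECORD)
        return p;                      /* the only check: upper bound */
    p.ok = 1;
    p.alloc_len = (size_t)(len + 1);   /* -1 + 1 == 0 */
    p.copy_len = (size_t)len;          /* (size_t)-1 == SIZE_MAX */
    return p;
}

/* Hardened pattern: reject negative lengths, cap against policy, refuse
 * to copy more than the peer actually delivered (avail), and make sure
 * the +1 for the terminator cannot wrap before calling malloc. */
read_plan plan_hardened(int32_t len, size_t avail)
{
    read_plan p = {0, 0, 0};
    if (len < 0)
        return p;                      /* negative length: reject */
    uint32_t ulen = (uint32_t)len;
    if (ulen > MAX_RECORD || ulen > avail)
        return p;                      /* policy cap / short read */
    if ((size_t)ulen > SIZE_MAX - 1)
        return p;                      /* +1 would wrap on 32-bit hosts */
    p.ok = 1;
    p.alloc_len = (size_t)ulen + 1;
    p.copy_len = ulen;
    return p;
}

/* Parse a constructed record: 4-byte big-endian signed length followed
 * by the payload. Returns a NUL-terminated heap copy, or NULL if the
 * record is rejected. Caller frees. */
char *read_record(const uint8_t *buf, size_t buf_len)
{
    if (buf_len < 4)
        return NULL;
    uint32_t raw = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                   (uint32_t)buf[2] << 8  | (uint32_t)buf[3];
    int32_t len = (int32_t)raw;        /* 0xFFFFFFFF becomes -1 */
    read_plan p = plan_hardened(len, buf_len - 4);
    if (!p.ok)
        return NULL;
    char *out = malloc(p.alloc_len);
    if (!out)
        return NULL;
    memcpy(out, buf + 4, p.copy_len);
    out[p.copy_len] = '\0';
    return out;
}

/* Constructed sample records (not captured traffic). */
static const uint8_t BENIGN[]    = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t MALICIOUS[] = {0xFF, 0xFF, 0xFF, 0xFF, 'x'};

/* 1 if the benign record round-trips to "hello" through the hardened reader. */
int demo_benign_accepted(void)
{
    char *s = read_record(BENIGN, sizeof BENIGN);
    int ok = s != NULL && strcmp(s, "hello") == 0;
    free(s);
    return ok;
}

/* 1 if the length -1 record is rejected before any allocation happens. */
int demo_negative_rejected(void)
{
    return read_record(MALICIOUS, sizeof MALICIOUS) == NULL;
}

int main(void)
{
    read_plan v = plan_vulnerable(-1);
    printf("vulnerable: accepted=%d alloc=%zu copy=%zu\n",
           v.ok, v.alloc_len, v.copy_len);
    printf("hardened: benign=%d negative_rejected=%d\n",
           demo_benign_accepted(), demo_negative_rejected());
    return 0;
}
```

The check against avail is what distinguishes a reader fed from a socket or file from one that trusts the header: even a positive, in-policy length must not exceed the bytes actually received, or the copy reads beyond the input buffer instead of past the output one.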