VYPR

Vendor CVEs

GNOME Foundation

All CVEs

407 total · sorted by risk
  • CVE-2017-2885CriApr 24, 2018
    risk 0.66cvss 9.8epss 0.24

    An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this…

  • CVE-2018-16428CriSep 4, 2018
    risk 0.64cvss 9.8epss 0.05

    In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

  • CVE-2018-12910CriJul 5, 2018
    risk 0.64cvss 9.8epss 0.04

    The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

  • CVE-2018-12422CriJun 15, 2018
    risk 0.64cvss 9.8epss 0.02

    addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code…

  • CVE-2017-16931CriNov 23, 2017
    risk 0.64cvss 9.8epss 0.04

    parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

  • CVE-2017-1000044CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.02

    gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering

  • CVE-2017-5885CriFeb 28, 2017
    risk 0.64cvss 9.8epss 0.05

    Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a…

  • CVE-2016-4616CriJul 22, 2016
    risk 0.64cvss 9.8epss 0.03

    libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4615CriJul 22, 2016
    risk 0.64cvss 9.8epss 0.03

    libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4614CriJul 22, 2016
    risk 0.64cvss 9.8epss 0.03

    libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4610CriJul 22, 2016
    risk 0.64cvss 9.8epss 0.05

    libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4609CriJul 22, 2016
    risk 0.64cvss 9.8epss 0.05

    libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-4607CriJul 22, 2016
    risk 0.64cvss 9.8epss 0.05

    libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2005-0102CriJan 24, 2005
    risk 0.64cvss 9.8epss 0.03

    Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

  • CVE-2017-8872CriMay 10, 2017
    risk 0.59cvss 9.1epss 0.02

    The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

  • CVE-2017-1000083HigSep 5, 2017
    risk 0.58cvss 7.8epss 0.50

    backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a…

  • CVE-2018-16430HigSep 4, 2018
    risk 0.57cvss 8.8epss 0.03

    GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.

  • CVE-2016-10727CriJul 20, 2018
    risk 0.57cvss 9.8epss 0.03

    camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers…

  • CVE-2018-10112HigApr 16, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file…

  • CVE-2017-1000422HigJan 2, 2018
    risk 0.57cvss 8.8epss 0.02

    Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution

  • CVE-2026-0719HigJan 8, 2026
    risk 0.56cvss 8.6epss 0.01

    A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This…

  • CVE-2018-10900HigJul 26, 2018
    risk 0.54cvss 7.8epss 0.05

    Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary…

  • CVE-2017-8288HigApr 27, 2017
    risk 0.53cvss 8.1epss 0.03

    gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what…

  • CVE-2016-6855HigSep 7, 2016
    risk 0.53cvss 7.5epss 0.19

    Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

  • CVE-2018-14424HigAug 14, 2018
    risk 0.51cvss 7.8epss 0.01

    The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or…

  • CVE-2018-5345HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.02

    A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

  • CVE-2017-1000159HigNov 27, 2017
    risk 0.51cvss 7.8epss 0.01

    Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.

  • CVE-2017-2870HigSep 5, 2017
    risk 0.51cvss 7.8epss 0.03

    An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger…

  • CVE-2017-2862HigSep 5, 2017
    risk 0.51cvss 7.8epss 0.05

    An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this…

  • CVE-2017-11464HigJul 19, 2017
    risk 0.51cvss 7.8epss 0.01

    A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

  • CVE-2017-11421HigJul 18, 2017
    risk 0.51cvss 7.8epss 0.01

    gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript…

  • CVE-2017-7961HigApr 19, 2017
    risk 0.51cvss 7.8epss 0.02

    The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified…

  • CVE-2017-5884HigFeb 28, 2017
    risk 0.51cvss 7.8epss 0.02

    gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

  • CVE-2015-8875HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.03

    Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute…

  • CVE-2009-3289HigSep 22, 2009
    risk 0.51cvss 7.8epss 0.00

    The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

  • CVE-2026-5201HigMar 31, 2026
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user…

  • CVE-2020-37011HigJan 29, 2026
    risk 0.49cvss 7.5epss 0.00

    Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated…

  • CVE-2025-12105HigOct 23, 2025
    risk 0.49cvss 7.5epss 0.00

    A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed…

  • CVE-2025-7424HigJul 10, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may…

  • CVE-2025-7345HigJul 8, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing…

  • CVE-2025-32049HigApr 3, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

  • CVE-2024-5148HigSep 2, 2024
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP…

  • CVE-2018-16429HigSep 4, 2018
    risk 0.49cvss 7.5epss 0.04

    GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

  • CVE-2018-12016HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

  • CVE-2018-11396HigMay 23, 2018
    risk 0.49cvss 7.5epss 0.01

    ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

  • CVE-2018-1000135HigMar 20, 2018
    risk 0.49cvss 7.5epss 0.02

    GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04…

  • CVE-2015-2675HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.03

    The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the…

  • CVE-2017-11590HigJul 24, 2017
    risk 0.49cvss 7.5epss 0.02

    There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-1000025HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.

  • CVE-2017-1000024HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission

Page 1 of 9