VYPR

Vendor CVEs

GNOME Foundation

All CVEs

407 total · sorted by risk
  • CVE-2017-6311HigMar 10, 2017
    risk 0.49cvss 7.5epss 0.03

    gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.

  • CVE-2016-6352HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.04

    The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

  • CVE-2016-7162HigSep 26, 2016
    risk 0.49cvss 7.5epss 0.03

    The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

  • CVE-2016-4348HigMay 20, 2016
    risk 0.49cvss 7.5epss 0.02

    The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

  • CVE-2015-7558HigMay 20, 2016
    risk 0.49cvss 7.5epss 0.02

    librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

  • CVE-2015-7557HigMay 20, 2016
    risk 0.49cvss 7.5epss 0.02

    The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

  • CVE-2012-0039HigJan 14, 2012
    risk 0.49cvss 7.5epss 0.02

    GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application…

  • CVE-2005-0891HigMay 2, 2005
    risk 0.49cvss 7.5epss 0.04

    Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

  • CVE-2025-48796HigMay 27, 2025
    risk 0.47cvss 7.3epss 0.00

    A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.

  • CVE-2024-6655HigJul 16, 2024
    risk 0.46cvss 7.0epss 0.00

    A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

  • CVE-2017-8871MedJun 12, 2017
    risk 0.46cvss 6.5epss 0.13

    The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

  • CVE-2017-6313HigMar 10, 2017
    risk 0.46cvss 7.1epss 0.02

    Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

  • CVE-2025-13601HigNov 26, 2025
    risk 0.43cvss 7.7epss 0.00

    A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the…

  • CVE-2017-8834MedJun 12, 2017
    risk 0.43cvss 6.5epss 0.04

    The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

  • CVE-2026-2436MedMar 26, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection…

  • CVE-2026-2369MedMar 19, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.

  • CVE-2025-4969MedMay 21, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read…

  • CVE-2025-32053MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

  • CVE-2025-32052MedApr 3, 2025
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

  • CVE-2024-36472MedMay 28, 2024
    risk 0.42cvss 6.5epss 0.00

    In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead…

  • CVE-2018-10767MedMay 6, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of…

  • CVE-2017-14604MedSep 20, 2017
    risk 0.42cvss 6.5epss 0.02

    GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus…

  • CVE-2003-1564MedDec 31, 2003
    risk 0.42cvss 6.5epss 0.02

    libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka…

  • CVE-2026-1757MedFeb 2, 2026
    risk 0.40cvss 6.2epss 0.00

    A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command…

  • CVE-2018-15120MedAug 24, 2018
    risk 0.39cvss 6.5epss 0.12

    libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

  • CVE-2026-5119MedMar 30, 2026
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies,…

  • CVE-2025-9901MedSep 3, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached…

  • CVE-2025-32051MedApr 3, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

  • CVE-2025-32050MedApr 3, 2025
    risk 0.38cvss 5.9epss 0.01

    A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

  • CVE-2026-1767MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This…

  • CVE-2026-1766MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment)…

  • CVE-2026-1765MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3…

  • CVE-2026-1764MedJun 16, 2026
    risk 0.36cvss 5.6epss 0.00

    A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability…

  • CVE-2025-10911MedSep 25, 2025
    risk 0.36cvss 5.5epss 0.00

    A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

  • CVE-2018-14567MedAug 16, 2018
    risk 0.36cvss 6.5epss 0.04

    libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

  • CVE-2017-14108MedSep 5, 2017
    risk 0.36cvss 5.5epss 0.02

    libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.

  • CVE-2017-11171MedJul 11, 2017
    risk 0.36cvss 5.5epss 0.00

    Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each…

  • CVE-2017-7960MedApr 19, 2017
    risk 0.36cvss 5.5epss 0.02

    The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

  • CVE-2017-6314MedMar 10, 2017
    risk 0.36cvss 5.5epss 0.02

    The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

  • CVE-2017-6312MedMar 10, 2017
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

  • CVE-2016-6163MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

  • CVE-2016-9888MedDec 8, 2016
    risk 0.36cvss 5.5epss 0.01

    An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.

  • CVE-2026-4271MedMar 17, 2026
    risk 0.35cvss 5.3epss 0.01

    A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This…

  • CVE-2026-1489MedJan 27, 2026
    risk 0.35cvss 5.4epss 0.00

    A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in…

  • CVE-2025-14512MedDec 11, 2025
    risk 0.35cvss 6.5epss 0.01

    A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

  • CVE-2016-9598MedAug 16, 2018
    risk 0.35cvss 6.5epss 0.01

    libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

  • CVE-2016-9596MedAug 16, 2018
    risk 0.35cvss 6.5epss 0.01

    libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

  • CVE-2026-1760MedFeb 2, 2026
    risk 0.34cvss 5.3epss 0.00

    A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially…

  • CVE-2024-34397MedMay 7, 2024
    risk 0.34cvss 5.2epss 0.01

    An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals…

  • CVE-2026-0716MedJan 13, 2026
    risk 0.31cvss 4.8epss 0.00

    A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure…

Page 2 of 9