VYPR

Vendor CVEs

GNOME Foundation

All CVEs

407 total · sorted by risk
  • CVE-2025-60018MedSep 25, 2025
    risk 0.31cvss 4.8epss 0.00

    glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.

  • CVE-2025-4373MedMay 6, 2025
    risk 0.31cvss 4.8epss 0.00

    A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

  • CVE-2025-14087MedDec 10, 2025
    risk 0.29cvss 5.6epss 0.01

    A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

  • CVE-2026-10028MedMay 28, 2026
    risk 0.28cvss 4.3epss 0.00

    A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which…

  • CVE-2026-2272MedMar 26, 2026
    risk 0.28cvss 4.3epss 0.01

    A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer…

  • CVE-2025-4476MedMay 16, 2025
    risk 0.28cvss 4.3epss 0.00

    A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header.…

  • CVE-2024-38394MedJun 16, 2024
    risk 0.28cvss 4.3epss 0.00

    Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB…

  • CVE-2026-1484MedJan 27, 2026
    risk 0.27cvss 4.2epss 0.00

    A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications…

  • CVE-2017-12164MedJul 26, 2018
    risk 0.27cvss 4.1epss 0.00

    A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

  • CVE-2026-2708LowApr 23, 2026
    risk 0.24cvss 3.7epss 0.00

    A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields.…

  • CVE-2026-0988LowJan 21, 2026
    risk 0.24cvss 3.7epss 0.00

    A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being…

  • CVE-2025-3360LowApr 7, 2025
    risk 0.24cvss 3.7epss 0.00

    A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

  • CVE-2016-1000033LowOct 25, 2016
    risk 0.24cvss 3.7epss 0.01

    Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

  • CVE-2025-11731LowOct 14, 2025
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This…

  • CVE-2026-1485LowJan 27, 2026
    risk 0.18cvss 2.8epss 0.00

    A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds…

  • CVE-2025-6052LowJun 13, 2025
    risk 0.17cvss 3.7epss 0.00

    A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a…

  • CVE-2025-8732LowAug 8, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has…

  • CVE-2025-6170LowJun 16, 2025
    risk 0.09cvss 2.5epss 0.00

    A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful…

  • CVE-2011-0020Jan 24, 2011
    risk 0.05cvss epss 0.19

    Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or…

  • CVE-2008-3533Aug 18, 2008
    risk 0.05cvss epss 0.19

    Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within…

  • CVE-2018-20781Feb 12, 2019
    risk 0.04cvss epss 0.01

    In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

  • CVE-2013-5745Oct 1, 2013
    risk 0.04cvss epss 0.09

    The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote…

  • CVE-2012-2738Jul 22, 2012
    risk 0.04cvss epss 0.11

    The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.

  • CVE-2008-5660Dec 17, 2008
    risk 0.04cvss epss 0.09

    Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.

  • CVE-2006-0528Feb 2, 2006
    risk 0.04cvss epss 0.09

    The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the…

  • CVE-2005-1686May 20, 2005
    risk 0.04cvss epss 0.08

    Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that…

  • CVE-2003-0407Jun 30, 2003
    risk 0.04cvss epss 0.16

    Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.

  • CVE-2000-0491May 24, 2000
    risk 0.04cvss epss 0.18

    Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

  • CVE-2023-38633Jul 22, 2023
    risk 0.03cvss epss 0.02

    A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include…

  • CVE-2012-1096Mar 10, 2020
    risk 0.03cvss epss 0.01

    NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

  • CVE-2008-7185Sep 8, 2009
    risk 0.03cvss epss 0.03

    GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.

  • CVE-2007-1266Mar 6, 2007
    risk 0.03cvss epss 0.05

    Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the…

  • CVE-2007-0010Jan 24, 2007
    risk 0.03cvss epss 0.01

    The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

  • CVE-2007-0235Jan 16, 2007
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which…

  • CVE-2005-0023Oct 5, 2005
    risk 0.03cvss epss 0.01

    gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.

  • CVE-2003-0165Apr 2, 2003
    risk 0.03cvss epss 0.02

    Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

  • CVE-2002-1814Dec 31, 2002
    risk 0.03cvss epss 0.01

    Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.

  • CVE-2001-0084Feb 12, 2001
    risk 0.03cvss epss 0.01

    GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.

  • CVE-2000-0864Nov 14, 2000
    risk 0.03cvss epss 0.01

    Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

  • CVE-2000-0504Jun 19, 2000
    risk 0.03cvss epss 0.03

    libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

  • CVE-1999-1477Sep 23, 1999
    risk 0.03cvss epss 0.01

    Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.

  • CVE-2020-16125Nov 10, 2020
    risk 0.02cvss epss 0.01

    gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a…

  • CVE-2022-40304Nov 23, 2022
    risk 0.01cvss epss 0.07

    An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

  • CVE-2021-27218Feb 15, 2021
    risk 0.01cvss epss 0.04

    An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

  • CVE-2019-1010238Jul 19, 2019
    risk 0.01cvss epss 0.06

    Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is:…

  • CVE-2015-4491Aug 16, 2015
    risk 0.01cvss epss 0.08

    Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or…

  • CVE-2012-4433Nov 18, 2012
    risk 0.01cvss epss 0.13

    Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map…

  • CVE-2011-3193Jun 16, 2012
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

  • CVE-2010-2642Jan 7, 2011
    risk 0.01cvss epss 0.14

    Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

  • CVE-2004-0888Jan 27, 2005
    risk 0.01cvss epss 0.09

    Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by…

Page 3 of 9