Vulnerabilities > Enlightenment

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2024-25447 Out-of-bounds Write vulnerability in Enlightenment Imlib2 1.9.1
An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
network
low complexity
enlightenment CWE-787
8.8
2024-02-09 CVE-2024-25448 Out-of-bounds Write vulnerability in Enlightenment Imlib2 1.9.1
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
network
low complexity
enlightenment CWE-787
8.8
2024-02-09 CVE-2024-25450 Unspecified vulnerability in Enlightenment Imlib2 1.9.1
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
network
low complexity
enlightenment
8.8
2020-05-09 CVE-2020-12761 Integer Overflow or Wraparound vulnerability in Enlightenment Imlib2 1.6.0
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
network
low complexity
enlightenment CWE-190
6.4
2018-12-17 CVE-2018-20167 Injection vulnerability in Enlightenment Terminology
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used.
6.8
2018-04-27 CVE-2014-1846 Permissions, Privileges, and Access Controls vulnerability in Enlightenment
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
local
low complexity
enlightenment CWE-264
4.6
2018-04-27 CVE-2014-1845 Permissions, Privileges, and Access Controls vulnerability in Enlightenment
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
local
low complexity
enlightenment CWE-264
4.6
2017-01-23 CVE-2015-8971 Command Injection vulnerability in multiple products
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
local
low complexity
debian enlightenment CWE-77
4.6
2016-05-13 CVE-2016-4024 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
network
low complexity
enlightenment debian opensuse CWE-119
7.5
2016-05-13 CVE-2016-3994 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
network
low complexity
debian enlightenment CWE-119
6.4