Vulnerabilities > Enlightenment

DATE CVE VULNERABILITY TITLE RISK
2020-05-09 CVE-2020-12761 Integer Overflow OR Wraparound vulnerability in Enlightenment Imlib2 1.6.0
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
network
low complexity
enlightenment CWE-190
6.4
2018-12-17 CVE-2018-20167 Injection vulnerability in Enlightenment Terminology
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used.
6.8
2018-04-27 CVE-2014-1846 Permissions, Privileges, and Access Controls vulnerability in Enlightenment
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
local
low complexity
enlightenment CWE-264
4.6
2018-04-27 CVE-2014-1845 Permissions, Privileges, and Access Controls vulnerability in Enlightenment
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
local
low complexity
enlightenment CWE-264
4.6
2017-01-23 CVE-2015-8971 Command Injection vulnerability in multiple products
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
local
low complexity
debian enlightenment CWE-77
4.6
2016-05-13 CVE-2016-4024 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
network
low complexity
enlightenment debian opensuse CWE-119
7.5
2016-05-13 CVE-2016-3994 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
network
low complexity
debian enlightenment CWE-119
6.4
2016-05-13 CVE-2016-3993 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
network
low complexity
enlightenment debian CWE-119
5.0
2016-05-13 CVE-2014-9771 Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.
network
low complexity
enlightenment debian
5.0
2016-05-13 CVE-2014-9764 Improper Input Validation vulnerability in multiple products
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.
network
low complexity
debian enlightenment CWE-20
5.0