Vulnerabilities > Freedesktop

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-1215 Use of Externally-Controlled Format String vulnerability in Freedesktop Libinput
A format string vulnerability was found in libinput
local
low complexity
freedesktop CWE-134
7.2
2022-06-02 CVE-2022-31782 Out-of-bounds Write vulnerability in Freedesktop Freetype Demo Programs
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
6.8
2022-05-05 CVE-2022-27337 Unspecified vulnerability in Freedesktop Poppler 22.03.0
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
network
freedesktop
4.3
2021-06-02 CVE-2015-1877 Command Injection vulnerability in multiple products
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
6.8
2021-06-01 CVE-2020-27748 Information Exposure Through Sent Data vulnerability in Freedesktop Xdg-Utils
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer.
4.3
2021-01-26 CVE-2021-3185 Out-of-bounds Write vulnerability in Freedesktop Gst-Plugins-Bad
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
network
low complexity
freedesktop CWE-787
7.5
2020-12-25 CVE-2020-35702 Out-of-bounds Write vulnerability in Freedesktop Poppler 20.12.1
** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.
6.8
2020-12-03 CVE-2020-27778 Access of Uninitialized Pointer vulnerability in multiple products
A flaw was found in Poppler in the way certain PDF files were converted into HTML.
network
low complexity
freedesktop redhat CWE-824
5.0
2020-11-11 CVE-2020-16127 Infinite Loop vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
local
low complexity
freedesktop CWE-835
2.1
2020-11-11 CVE-2020-16126 Unspecified vulnerability in Freedesktop Accountsservice
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
local
low complexity
freedesktop
2.1