Vulnerabilities > Freedesktop

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-19 | CVE-2022-4055 | Improper Neutralization of Expression/Command Delimiters vulnerability in Freedesktop Xdg-Utils: When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. | network; low complexity; freedesktop; CWE-146; 7.4 |
| 2022-10-10 | CVE-2022-42010 | Improper Verification of Cryptographic Signature vulnerability in multiple products: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | network; low complexity; freedesktop fedoraproject; CWE-347; 6.5 |
| 2022-10-10 | CVE-2022-42011 | Improper Validation of Array Index vulnerability in multiple products: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | network; low complexity; freedesktop fedoraproject; CWE-129; 6.5 |
| 2022-10-10 | CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | network; low complexity; freedesktop fedoraproject; 6.5 |
| 2022-08-30 | CVE-2022-38784 | Integer Overflow or Wraparound vulnerability in multiple products: Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). | local; low complexity; freedesktop debian fedoraproject; CWE-190; 7.8 |
| 2022-08-22 | CVE-2022-38171 | Integer Overflow or Wraparound vulnerability in multiple products: Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). | local; low complexity; xpdfreader freedesktop; CWE-190; 7.8 |
| 2022-06-02 | CVE-2022-1215 | Use of Externally-Controlled Format String vulnerability in Freedesktop Libinput: A format string vulnerability was found in libinput | local; low complexity; freedesktop; CWE-134; 7.8 |
| 2022-06-02 | CVE-2022-31782 | Out-of-bounds Write vulnerability in Freedesktop Freetype Demo Programs: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | 6.8 |
| 2022-05-05 | CVE-2022-27337 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | network; low complexity; freedesktop fedoraproject debian; 6.5 |
| 2021-08-24 | CVE-2021-30860 | Integer Overflow or Wraparound vulnerability in multiple products: An integer overflow was addressed with improved input validation. | local; low complexity; apple xpdfreader freedesktop; CWE-190; 7.8 |