Vulnerabilities > Gnome
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-02 | CVE-2017-1000422 | Integer Overflow or Wraparound vulnerability in multiple products: Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw function resulting in memory corruption and potential code execution. | 6.8 |
2017-11-27 | CVE-2017-1000159 | OS Command Injection vulnerability in Gnome Evince: Command injection in evince via filename when printing to PDF. | 4.6 |
2017-09-20 | CVE-2017-14604 | Improper Input Validation vulnerability in multiple products: GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. | 4.0 |
2017-09-05 | CVE-2017-2870 | Integer Overflow or Wraparound vulnerability in multiple products: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. | 6.8 |
2017-09-05 | CVE-2017-2862 | Out-of-bounds Write vulnerability in multiple products: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. | 6.8 |
2017-09-05 | CVE-2017-14108 | Resource Exhaustion vulnerability in Gnome Gedit 3.22.1: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | 7.1 |
2017-09-05 | CVE-2017-1000083 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | 6.8 |
2017-08-18 | CVE-2015-2675 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Librest 0.7.92: The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. | 7.5 |
2017-07-24 | CVE-2017-11590 | NULL Pointer Dereference vulnerability in Gnome Libgxps 0.2.5: There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. | 4.3 |
2017-07-19 | CVE-2017-11464 | Divide By Zero vulnerability in Gnome Librsvg 2.40.17: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | 6.8 |