Vulnerabilities > Gnome > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-36474 Integer Overflow or Wraparound vulnerability in Gnome Libgsf 1.14.52
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52.
local
low complexity
gnome CWE-190
7.8
2024-10-03 CVE-2024-42415 Unspecified vulnerability in Gnome Libgsf 1.14.52
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf).
local
low complexity
gnome
7.8
2024-01-26 CVE-2022-48622 Out-of-bounds Write vulnerability in Gnome Gdkpixbuf
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file.
local
low complexity
gnome CWE-787
7.8
2023-10-13 CVE-2023-5557 A flaw was found in the tracker-miners package.
local
high complexity
gnome redhat
7.7
2023-09-14 CVE-2023-29499 Resource Exhaustion vulnerability in Gnome Glib
A flaw was found in GLib.
network
low complexity
gnome CWE-400
7.5
2023-09-14 CVE-2023-32636 Deserialization of Untrusted Data vulnerability in Gnome Glib
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499.
network
low complexity
gnome CWE-502
7.5
2023-09-14 CVE-2023-32643 Out-of-bounds Write vulnerability in Gnome Glib
A flaw was found in GLib.
local
low complexity
gnome CWE-787
7.8
2023-09-14 CVE-2023-36250 Injection vulnerability in Gnome Gnome-Time Tracker 3.0.2
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
local
low complexity
gnome CWE-74
7.8
2023-02-20 CVE-2023-26081 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
network
low complexity
gnome fedoraproject CWE-668
7.5
2022-12-26 CVE-2019-25085 Unspecified vulnerability in Gnome Gvariant Database
A vulnerability was found in GNOME gvdb.
network
low complexity
gnome
8.8