Vulnerabilities > Gnome > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-10 CVE-2017-6313 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
local
low complexity
gnome fedoraproject debian CWE-191
7.1
2017-03-10 CVE-2017-6311 NULL Pointer Dereference vulnerability in multiple products
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
network
low complexity
gnome fedoraproject CWE-476
7.5
2017-02-28 CVE-2017-5884 Range Error vulnerability in multiple products
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
local
low complexity
fedoraproject gnome CWE-118
7.8
2016-09-07 CVE-2016-6855 Out-of-bounds Write vulnerability in multiple products
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allows remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
network
low complexity
fedoraproject opensuse canonical gnome CWE-787
7.5
2015-11-24 CVE-2015-7496 Permissions, Privileges, and Access Controls vulnerability in multiple products
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
local
low complexity
fedoraproject gnome CWE-264
7.2
2015-03-29 CVE-2015-2785 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Byzanz
The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.
network
low complexity
gnome CWE-119
7.5
2015-01-27 CVE-2014-8154 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the GStreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
network
low complexity
gnome opensuse CWE-119
7.5
2014-12-25 CVE-2014-7300 Resource Management Errors vulnerability in multiple products
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
local
low complexity
gnome redhat CWE-399
7.2
2013-03-08 CVE-2013-1050 Permissions, Privileges, and Access Controls vulnerability in Gnome Screensaver 3.5.4/3.5.5/3.6.0
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.
local
low complexity
gnome CWE-264
7.2
2011-06-14 CVE-2011-1709 Permissions, Privileges, and Access Controls vulnerability in Gnome GDM
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
local
low complexity
gnome CWE-264
7.2