Vulnerabilities > Gnome > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2018-5345 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
7.8
2018-01-02 CVE-2017-1000422 Integer Overflow or Wraparound vulnerability in multiple products
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
network
low complexity
gnome debian canonical CWE-190
8.8
2017-11-27 CVE-2017-1000159 OS Command Injection vulnerability in Gnome Evince
Command injection in evince via filename when printing to PDF.
local
low complexity
gnome CWE-78
7.8
2017-09-05 CVE-2017-2870 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang.
local
low complexity
gnome debian CWE-190
7.8
2017-09-05 CVE-2017-2862 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6.
local
low complexity
gnome debian CWE-787
7.8
2017-09-05 CVE-2017-1000083 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
local
low complexity
gnome debian redhat
7.8
2017-08-18 CVE-2015-2675 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Librest 0.7.92
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
network
low complexity
gnome CWE-119
7.5
2017-07-24 CVE-2017-11590 NULL Pointer Dereference vulnerability in Gnome Libgxps 0.2.5
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5.
network
low complexity
gnome CWE-476
7.5
2017-07-19 CVE-2017-11464 Divide By Zero vulnerability in Gnome Librsvg 2.40.17
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
local
low complexity
gnome CWE-369
7.8
2017-07-17 CVE-2017-1000025 Information Exposure vulnerability in Gnome Epiphany
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
network
low complexity
gnome CWE-200
7.5