Vulnerabilities > Gnome > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000024 | Cleartext Transmission of Sensitive Information vulnerability in Gnome Shotwell Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | 7.5 |
| 2017-04-27 | CVE-2017-8288 | Improper Input Validation vulnerability in Gnome Gnome-Shell gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. | 8.1 |
| 2017-04-19 | CVE-2017-7961 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Libcroco 0.6.11/0.6.12 The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. | 7.8 |
| 2017-03-10 | CVE-2017-6313 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | 7.1 |
| 2017-03-10 | CVE-2017-6311 | NULL Pointer Dereference vulnerability in multiple products gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. | 7.5 |
| 2017-02-28 | CVE-2017-5884 | Range Error vulnerability in multiple products gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | 7.8 |
| 2016-10-03 | CVE-2016-6352 | Out-of-bounds Write vulnerability in multiple products The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | 7.5 |
| 2016-09-07 | CVE-2016-6855 | Out-of-bounds Write vulnerability in multiple products Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | 7.5 |
| 2016-06-01 | CVE-2015-8875 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. | 7.8 |
| 2016-05-20 | CVE-2016-4348 | Improper Input Validation vulnerability in multiple products The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | 7.5 |