Vulnerabilities > Gnome > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2015-7558 Improper Input Validation vulnerability in multiple products
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
network
low complexity
debian gnome CWE-20
7.5
2016-05-20 CVE-2015-7557 Improper Input Validation vulnerability in Gnome Librsvg
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
network
low complexity
gnome CWE-20
7.5
2009-09-22 CVE-2009-3289 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
local
low complexity
gnome opensuse suse CWE-732
7.8
2005-05-02 CVE-2005-0891 Double Free vulnerability in Gnome GTK
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
network
low complexity
gnome CWE-415
7.5