Vulnerabilities > Gnome > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-19 CVE-2017-7960 Out-of-bounds Read vulnerability in Gnome Libcroco 0.6.11/0.6.12
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
local
low complexity
gnome CWE-125
5.5
2017-03-10 CVE-2017-6314 Infinite Loop vulnerability in multiple products
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
local
low complexity
gnome fedoraproject debian CWE-835
5.5
2017-03-10 CVE-2017-6312 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
local
low complexity
gnome fedoraproject debian CWE-190
5.5
2017-02-03 CVE-2016-6163 Out-of-bounds Read vulnerability in Gnome Librsvg 2.40.2
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
local
low complexity
gnome CWE-125
5.5
2016-12-08 CVE-2016-9888 NULL Pointer Dereference vulnerability in Gnome Libgsf
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
local
low complexity
gnome CWE-476
5.5