Vulnerabilities > GTK

DATE | CVE | VULNERABILITY TITLE | RISK

2016-02-17 | CVE-2013-7447 | Integer Overflow vulnerability in GTK+ | 4.3
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
network, canonical gtk

2015-01-16 | CVE-2014-1949 | Improper Access Control vulnerability in multiple products | 7.2
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
local, low complexity, linuxmint gtk canonical CWE-284

2012-09-18 | CVE-2012-4425 | Permissions, Privileges, and Access Controls vulnerability in multiple products | 6.9
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable.

2011-09-06 | CVE-2010-4833 | DLL Loading Arbitrary Code Execution vulnerability in GTK+ | 9.3
Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.
network, gtk, critical

2011-09-06 | CVE-2010-4831 | DLL Loading Arbitrary Code Execution vulnerability in GTK+ | 6.9
Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.
local, gtk

2010-03-19 | CVE-2010-0732 | Race Condition vulnerability in GTK Gtk+ | 6.2
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
local, high complexity, gtk gnome CWE-362

2005-11-18 | CVE-2005-3186 | Buffer Overflow vulnerability in GDK-Pixbuf/GTK XPM Images | 7.5
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
network, low complexity, gnome gtk

2005-11-18 | CVE-2005-2976 | Numeric Errors vulnerability in multiple products | 7.5
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
network, low complexity, gnome gtk CWE-189

2005-11-18 | CVE-2005-2975 | Resource Management Errors vulnerability in multiple products | 7.8
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
network, low complexity, gnome gtk CWE-399

2005-05-02 | CVE-2005-0891 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GTK Gtk+ | 5.0
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
network, low complexity, gtk CWE-119