Filtered by vendor Gnome
Subscribe
Total
350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000422 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | |||||
| CVE-2017-1000159 | 1 Gnome | 1 Evince | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. | |||||
| CVE-2017-1000083 | 3 Debian, Gnome, Redhat | 8 Debian Linux, Evince, Enterprise Linux Desktop and 5 more | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | |||||
| CVE-2017-1000044 | 1 Gnome | 1 Gtk-vnc | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | |||||
| CVE-2017-1000025 | 1 Gnome | 1 Epiphany | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | |||||
| CVE-2017-1000024 | 1 Gnome | 1 Shotwell | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | |||||
| CVE-2016-9888 | 1 Gnome | 1 Libgsf | 2026-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. | |||||
| CVE-2016-6855 | 4 Canonical, Fedoraproject, Gnome and 1 more | 6 Ubuntu Linux, Fedora, Eye Of Gnome and 3 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | |||||
| CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
| CVE-2016-6163 | 1 Gnome | 1 Librsvg | 2026-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. | |||||
| CVE-2016-4348 | 3 Debian, Gnome, Opensuse | 4 Debian Linux, Librsvg, Leap and 1 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | |||||
| CVE-2016-20011 | 1 Gnome | 1 Libgrss | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | |||||
| CVE-2016-10727 | 2 Canonical, Gnome | 2 Ubuntu Linux, Evolution | 2026-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. | |||||
| CVE-2016-1000033 | 2 Gnome, Redhat | 2 Shotwell, Enterprise Linux | 2026-06-17 | 4.3 MEDIUM | 3.7 LOW |
| Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||||
| CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2026-06-17 | 2.1 LOW | 2.4 LOW |
| gdm3 3.14.2 and possibly later has an information leak before screen lock | |||||
| CVE-2015-8875 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-7674 | 3 Canonical, Gnome, Opensuse | 3 Ubuntu Linux, Gdk-pixbuf, Opensuse | 2026-06-17 | 6.8 MEDIUM | N/A |
| Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-7673 | 2 Gnome, Opensuse | 2 Gdk-pixbuf, Opensuse | 2026-06-17 | 6.8 MEDIUM | N/A |
| io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. | |||||
| CVE-2015-7558 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | |||||
| CVE-2015-7557 | 1 Gnome | 1 Librsvg | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. | |||||