Filtered by vendor Gnome
Subscribe
Total
349 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2443 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-06-17 | N/A | 5.3 MEDIUM |
| A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component. | |||||
| CVE-2026-1801 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-06-17 | N/A | 5.3 MEDIUM |
| A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure. | |||||
| CVE-2026-1539 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-06-17 | N/A | 5.8 MEDIUM |
| A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. | |||||
| CVE-2026-1536 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-06-17 | N/A | 5.8 MEDIUM |
| A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction. | |||||
| CVE-2026-1467 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-06-17 | N/A | 5.8 MEDIUM |
| A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services. | |||||
| CVE-2025-6199 | 2 Gnome, Redhat | 2 Gdkpixbuf, Enterprise Linux | 2026-06-17 | N/A | 3.3 LOW |
| A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. | |||||
| CVE-2025-6196 | 2 Gnome, Redhat | 2 Libgepub, Enterprise Linux | 2026-06-17 | N/A | 5.5 MEDIUM |
| A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service. | |||||
| CVE-2025-6052 | 1 Gnome | 1 Glib | 2026-06-17 | N/A | 3.7 LOW |
| A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. | |||||
| CVE-2025-4056 | 2 Gnome, Microsoft | 2 Glib, Windows | 2026-06-17 | N/A | 7.5 HIGH |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | |||||
| CVE-2025-3155 | 3 Debian, Gnome, Redhat | 21 Debian Linux, Yelp, Codeready Linux Builder and 18 more | 2026-06-17 | N/A | 7.4 HIGH |
| A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. | |||||
| CVE-2025-2784 | 2 Gnome, Redhat | 21 Libsoup, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 18 more | 2026-06-17 | N/A | 7.0 HIGH |
| A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. | |||||
| CVE-2025-14512 | 2 Gnome, Redhat | 3 Glib, Enterprise Linux, Openshift | 2026-06-17 | N/A | 6.5 MEDIUM |
| A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | |||||
| CVE-2025-14087 | 2 Gnome, Redhat | 2 Glib, Enterprise Linux | 2026-06-17 | N/A | 5.6 MEDIUM |
| A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | |||||
| CVE-2025-13601 | 2 Gnome, Redhat | 29 Glib, Ceph Storage, Codeready Linux Builder and 26 more | 2026-06-17 | N/A | 7.7 HIGH |
| A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string. | |||||
| CVE-2024-52533 | 3 Debian, Gnome, Netapp | 4 Debian Linux, Glib, Active Iq Unified Manager and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. | |||||
| CVE-2024-52532 | 1 Gnome | 1 Libsoup | 2026-06-17 | N/A | 7.5 HIGH |
| GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. | |||||
| CVE-2024-52531 | 1 Gnome | 1 Libsoup | 2026-06-17 | N/A | 6.5 MEDIUM |
| GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response). | |||||
| CVE-2024-52530 | 1 Gnome | 1 Libsoup | 2026-06-17 | N/A | 7.5 HIGH |
| GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. | |||||
| CVE-2024-42415 | 1 Gnome | 1 Libgsf | 2026-06-17 | N/A | 8.4 HIGH |
| An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-36474 | 1 Gnome | 1 Libgsf | 2026-06-17 | N/A | 8.4 HIGH |
| An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||