Search Results (370 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1000159 1 Gnome 1 Evince 2025-04-20 N/A
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
CVE-2017-11464 1 Gnome 1 Librsvg 2025-04-20 N/A
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
CVE-2017-11590 1 Gnome 1 Libgxps 2025-04-20 N/A
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.
CVE-2017-7961 1 Gnome 1 Libcroco 2025-04-20 7.8 High
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.
CVE-2017-8288 1 Gnome 1 Gnome-shell 2025-04-20 N/A
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
CVE-2017-7960 1 Gnome 1 Libcroco 2025-04-20 N/A
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
CVE-2017-8834 2 Gnome, Opensuse 2 Libcroco, Leap 2025-04-20 6.5 Medium
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVE-2017-1000024 1 Gnome 1 Shotwell 2025-04-20 N/A
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
CVE-2017-6313 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 7.1 High
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
CVE-2017-6314 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 5.5 Medium
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-8871 2 Gnome, Opensuse 2 Libcroco, Leap 2025-04-20 6.5 Medium
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2017-5884 3 Fedoraproject, Gnome, Redhat 3 Fedora, Gtk-vnc, Enterprise Linux 2025-04-20 N/A
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVE-2017-5885 3 Fedoraproject, Gnome, Redhat 3 Fedora, Gtk-vnc, Enterprise Linux 2025-04-20 N/A
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
CVE-2017-14604 3 Debian, Gnome, Redhat 3 Debian Linux, Nautilus, Enterprise Linux 2025-04-20 6.5 Medium
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
CVE-2017-6311 2 Fedoraproject, Gnome 2 Fedora, Gdk-pixbuf 2025-04-20 7.5 High
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.
CVE-2017-1000083 3 Debian, Gnome, Redhat 9 Debian Linux, Evince, Enterprise Linux and 6 more 2025-04-20 N/A
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
CVE-2017-6312 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 5.5 Medium
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
CVE-2011-2198 3 Gnome, Opensuse, Oracle 3 Gnome-terminal, Opensuse, Solaris 2025-04-12 N/A
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".
CVE-2016-6855 4 Canonical, Fedoraproject, Gnome and 1 more 6 Ubuntu Linux, Fedora, Eye Of Gnome and 3 more 2025-04-12 N/A
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
CVE-2016-6352 3 Canonical, Gnome, Opensuse 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more 2025-04-12 N/A
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.