Search Results (371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-6196 2 Gnome, Redhat 2 Libgepub, Enterprise Linux 2025-11-06 5.5 Medium
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.
CVE-2024-52532 2 Gnome, Redhat 2 Libsoup, Enterprise Linux 2025-11-03 7.5 High
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
CVE-2024-52531 2 Gnome, Redhat 8 Libsoup, Camel K, Enterprise Linux and 5 more 2025-11-03 6.5 Medium
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).
CVE-2024-52530 2 Gnome, Redhat 7 Libsoup, Enterprise Linux, Rhel Aus and 4 more 2025-11-03 7.5 High
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVE-2024-42415 1 Gnome 1 Libgsf 2025-11-03 8.4 High
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-36474 1 Gnome 1 Libgsf 2025-11-03 8.4 High
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-1736 2 Canonical, Gnome 2 Ubuntu Linux, Gnome-remote-desktop 2025-08-26 9.8 Critical
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
CVE-2023-5616 2 Canonical, Gnome 2 Ubuntu Linux, Control Center 2025-08-26 4.9 Medium
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
CVE-2023-43091 2 Gnome, Gnome Maps 2 Gnome-maps, Gnome Maps 2025-08-06 9.8 Critical
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
CVE-2024-52533 4 Debian, Gnome, Netapp and 1 more 5 Debian Linux, Glib, Active Iq Unified Manager and 2 more 2025-06-17 9.8 Critical
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVE-2020-36774 1 Gnome 1 Glade 2025-05-07 5.5 Medium
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).
CVE-2022-37290 2 Fedoraproject, Gnome 2 Fedora, Nautilus 2025-05-01 5.5 Medium
GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
CVE-2020-29385 3 Canonical, Fedoraproject, Gnome 3 Ubuntu Linux, Fedora, Gdk-pixbuf 2025-04-29 5.5 Medium
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
CVE-2017-7960 1 Gnome 1 Libcroco 2025-04-20 N/A
The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.
CVE-2017-5884 3 Fedoraproject, Gnome, Redhat 3 Fedora, Gtk-vnc, Enterprise Linux 2025-04-20 N/A
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVE-2015-2675 2 Gnome, Redhat 2 Librest, Enterprise Linux 2025-04-20 N/A
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
CVE-2017-8871 2 Gnome, Opensuse 2 Libcroco, Leap 2025-04-20 6.5 Medium
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVE-2017-2862 3 Debian, Gnome, Redhat 3 Debian Linux, Gdk-pixbuf, Enterprise Linux 2025-04-20 7.8 High
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
CVE-2017-6314 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 5.5 Medium
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
CVE-2017-1000025 1 Gnome 1 Epiphany 2025-04-20 N/A
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.