
Byte Open Security

(ByteOS Network)

Vulnerability Details :

CVE-2005-3186

Summary
Assigner: mitre
Assigner Org ID: 8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At: 18 Nov, 2005 | 11:00
Updated At: 07 Aug, 2024 | 23:01
Rejected At:

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)


Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a

References
Hyperlink: http://www.novell.com/linux/security/advisories/2005_65_gtk2.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/15435
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/17710
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/18509
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/428052/100/0/threaded
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2005/dsa-911
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/17562
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17615
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-811.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/17522
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2005/2433
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.debian.org/security/2005/dsa-913
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/17538
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securityreason.com/securityalert/188
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.ubuntu.com/usn/usn-216-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8/SCOSA-2006.8.txt
Resource:
vendor-advisory
x_refsource_SCO
Hyperlink: http://securitytracker.com/id?1015216
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/17591
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17770
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17594
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17588
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9503
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/17592
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17791
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/17657
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-810.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container

References
The CVE Program Container lists the same hyperlinks, with the same Resource tags, as the CNA references above; each entry additionally carries the tag x_transferred.
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cve@mitre.org
Published At: 18 Nov, 2005 | 06:03
Updated At: 03 Apr, 2025 | 01:03


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Vendor: The GNOME Project (gnome); Product: gdkpixbuf; Version: *
cpe:2.3:a:gnome:gdkpixbuf:*:*:*:*:*:*:*:*
Vendor: gtk (gtk); Product: gtk\+; Version: 2.4.0
cpe:2.3:a:gtk:gtk\+:2.4.0:*:*:*:*:*:*:*
Weaknesses
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov

Vendor Statements

Organization: Red Hat
Last Modified: 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
Hyperlink: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8/SCOSA-2006.8.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17522
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17538
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17562
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17588
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17591
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17592
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17594
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17615
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17657
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17710
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17770
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/17791
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/18509
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/188
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1015216
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2005-229.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-911
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2005/dsa-913
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200511-14.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities
Source: cve@mitre.org
Resource: Patch, Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:214
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2005_65_gtk2.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-810.html
Source: cve@mitre.org
Resource: Patch, Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-811.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/428052/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/15435
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-216-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2005/2433
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9503
Source: cve@mitre.org
Resource: N/A
The same hyperlinks are listed a second time with Source: af854a3a-2127-422b-91ae-364da2661108 and the same Resource values as the cve@mitre.org entries above.


Similar CVEs

26 Records found

CVE-2017-2885
Matching Score: 8
Assigner: Talos
CVSS Score: 9.8 (CRITICAL)
EPSS: 9.38% / 92.46%
7 Day CHG: ~0.00%
Published: 24 Apr, 2018 | 19:00
Updated: 17 Sep, 2024 | 03:32
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Action: Not Available
Vendor: The GNOME Project; Debian GNU/Linux; Red Hat, Inc.
Product: enterprise_linux_server; debian_linux; enterprise_linux_server_eus; enterprise_linux_server_aus; enterprise_linux_workstation; enterprise_linux_server_tus; enterprise_linux_desktop; libsoup; libsoup
CWE ID: CWE-787 (Out-of-bounds Write)
CVE-2005-2958
Matching Score: 8
Assigner: Debian GNU/Linux
CVSS Score: 7.5 (HIGH)
EPSS: 1.68% / 81.44%
7 Day CHG: ~0.00%
Published: 25 Oct, 2005 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.

Action: Not Available
Vendor: n/a; The GNOME Project
Product: libgda2; n/a
CVE-2005-2976
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 1.72% / 81.62%
7 Day CHG: ~0.00%
Published: 18 Nov, 2005 | 11:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.

Action: Not Available
Vendor: n/a; The GNOME Project
Product: gdkpixbuf; gtk; n/a
CWE ID: CWE-190 (Integer Overflow or Wraparound)
CVE-2005-2550
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 5.16% / 89.49%
7 Day CHG: ~0.00%
Published: 12 Aug, 2005 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

Action: Not Available
Vendor: n/a; The GNOME Project
Product: evolution; n/a
CVE-2005-2549
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 7.5 (HIGH)
EPSS: 2.93% / 85.89%
7 Day CHG: ~0.00%
Published: 12 Aug, 2005 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

Action: Not Available
Vendor: n/a; The GNOME Project
Product: evolution; n/a
CVE-2005-0206
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 6.53% / 90.73%
7 Day CHG: ~0.00%
Published: 15 Feb, 2005 | 05:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Action: Not Available
Vendor: cstex; ascii; xpdf; tetex; pdftohtml; easy_software_products; n/a; The GNOME Project; Ubuntu; KDE; Gentoo Foundation, Inc.; SUSE; Silicon Graphics, Inc.; Debian GNU/Linux; Red Hat, Inc.; Mandriva (Mandrakesoft)
Product: tetex; xpdf; ubuntu_linux; kde; cstetex; debian_linux; linux; ptex; linux_advanced_workstation; propack; cups; koffice; gpdf; mandrake_linux_corporate_server; enterprise_linux_desktop; suse_linux; kpdf; advanced_linux_environment; pdftohtml; fedora_core; enterprise_linux; n/a
CVE-2004-0782
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.5 (HIGH)
EPSS: 30.04% / 96.49%
7 Day CHG: ~0.00%
Published: 17 Sep, 2004 | 04:00
Updated: 03 Apr, 2025 | 01:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).

Action-Not Available
Vendor-n/a; The GNOME Project
Product-gdkpixbuf; gtk; n/a
CVE-2004-0783
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-30.60% / 96.55%
7 Day CHG~0.00%
Published-17 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).

Action-Not Available
Vendor-n/a; The GNOME Project
Product-gdkpixbuf; gtk; n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2001-0928
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.88% / 89.16%
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-libgtop_daemon; n/a
CVE-2010-0409
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.54%
7 Day CHG~0.00%
Published-08 Feb, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-gmime; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-2410
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.05% / 83.14%
7 Day CHG~0.00%
Published-01 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-networkmanager; n/a
CVE-2001-0927
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.05% / 83.14%
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-libgtop_daemon; n/a
CVE-2003-0080
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.19%
7 Day CHG~0.00%
Published-18 Mar, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-gnome-lokkit; n/a
CVE-2019-17266
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 74.68%
7 Day CHG~0.00%
Published-06 Oct, 2019 | 21:48
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libsoup from versions 2.65.1 until 2.68.1 has a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

Action-Not Available
Vendor-n/a; Canonical Ltd.; The GNOME Project
Product-ubuntu_linux; libsoup; n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1010238
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-2.94% / 85.90%
7 Day CHG~0.00%
Published-19 Jul, 2019 | 16:42
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap-based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: The bug can be used when an application passes invalid UTF-8 strings to functions like pango_itemize.

Action-Not Available
Vendor-Canonical Ltd.; Debian GNU/Linux; The GNOME Project; Fedora Project; Oracle Corporation; Red Hat, Inc.
Product-enterprise_linux_server; ubuntu_linux; debian_linux; sd-wan_edge; openshift_container_platform; enterprise_linux_server_aus; fedora; enterprise_linux; enterprise_linux_workstation; enterprise_linux_eus; pango; enterprise_linux_server_tus; enterprise_linux_desktop; Pango
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-16428
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 76.28%
7 Day CHG-0.09%
Published-04 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

Action-Not Available
Vendor-n/a; Canonical Ltd.; The GNOME Project
Product-ubuntu_linux; glib; n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-12450
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 76.59%
7 Day CHG~0.00%
Published-29 May, 2019 | 16:16
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Action-Not Available
Vendor-n/a; Canonical Ltd.; Debian GNU/Linux; openSUSE; The GNOME Project; Fedora Project; Red Hat, Inc.
Product-ubuntu_linux; debian_linux; glib; enterprise_linux_server_aus; enterprise_linux; fedora; enterprise_linux_eus; enterprise_linux_server_tus; leap; n/a
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-12910
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.80% / 90.94%
7 Day CHG~0.00%
Published-05 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

Action-Not Available
Vendor-n/a; Canonical Ltd.; Debian GNU/Linux; openSUSE; The GNOME Project; Red Hat, Inc.
Product-enterprise_linux_server; ubuntu_linux; debian_linux; openshift_container_platform; enterprise_linux_workstation; enterprise_linux_desktop; libsoup; ansible_tower; leap; n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-2785
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.90% / 82.45%
7 Day CHG~0.00%
Published-29 Mar, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-byzanz; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8154
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.55%
7 Day CHG~0.00%
Published-27 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.

Action-Not Available
Vendor-n/a; openSUSE; The GNOME Project
Product-vala; opensuse; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-27811
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.05% / 88.05%
7 Day CHG~0.00%
Published-24 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-ocrfeeder; n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-12422
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.53%
7 Day CHG~0.00%
Published-15 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap."

Action-Not Available
Vendor-n/a; The GNOME Project
Product-evolution; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5885
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 69.89%
7 Day CHG~0.00%
Published-28 Feb, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

Action-Not Available
Vendor-n/a; Fedora Project; The GNOME Project
Product-fedora; gtk-vnc; n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-0828
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.89% / 90.23%
7 Day CHG~0.00%
Published-21 Feb, 2020 | 17:20
Updated-06 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).

Action-Not Available
Vendor-xchat-wdk; xchat; xchat; The GNOME Project
Product-xchat; xchat-wdk; gtk; xchat; Xchat-WDK
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2897
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 75.87%
7 Day CHG~0.00%
Published-12 Nov, 2019 | 13:37
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables due to an input validation flaw.

Action-Not Available
Vendor-gdk-pixbuf; The GNOME Project; Debian GNU/Linux; Red Hat, Inc.
Product-debian_linux; gdk-pixbuf; enterprise_linux; gdk-pixbuf
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000044
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.67% / 81.34%
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating the framebuffer, which may lead to memory corruption when rendering.

Action-Not Available
Vendor-n/a; The GNOME Project
Product-gtk-vnc; n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer