Vulnerabilities (CVE)

Filtered by vendor Gnome Subscribe
Total 271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36241 2 Fedoraproject, Gnome 2 Fedora, Gnome-autoar 2021-07-21 2.1 LOW 5.5 MEDIUM
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVE-2020-11736 2 Debian, Gnome 2 Debian Linux, File-roller 2021-07-21 3.3 LOW 3.9 LOW
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVE-2020-35457 1 Gnome 1 Glib 2021-07-21 4.6 MEDIUM 7.8 HIGH
** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented.
CVE-2019-9633 1 Gnome 1 Glib 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
CVE-2020-6750 1 Gnome 1 Glib 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
CVE-2010-0421 1 Gnome 1 Pango 2021-07-14 4.3 MEDIUM N/A
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
CVE-2011-0064 2 Gnome, Mozilla 2 Pango, Firefox 2021-07-14 6.8 MEDIUM N/A
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
CVE-2019-1010238 1 Gnome 1 Pango 2021-07-14 7.5 HIGH 9.8 CRITICAL
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
CVE-2011-3193 5 Canonical, Gnome, Opensuse and 2 more 8 Ubuntu Linux, Pango, Opensuse and 5 more 2021-07-14 9.3 HIGH N/A
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVE-2011-0020 2 Gnome, Pango 2 Pango, Pango 2021-07-14 7.6 HIGH N/A
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
CVE-2018-15120 2 Canonical, Gnome 2 Ubuntu Linux, Pango 2021-07-14 4.3 MEDIUM 6.5 MEDIUM
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
CVE-2021-27218 2 Fedoraproject, Gnome 2 Fedora, Glib 2021-07-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2021-27219 2 Fedoraproject, Gnome 2 Fedora, Glib 2021-07-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
CVE-2021-28153 2 Fedoraproject, Gnome 2 Fedora, Glib 2021-07-07 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
CVE-2019-13012 1 Gnome 1 Glib 2021-06-29 5.0 MEDIUM 7.5 HIGH
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
CVE-2018-16429 2 Canonical, Gnome 2 Ubuntu Linux, Glib 2021-06-29 5.0 MEDIUM 7.5 HIGH
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
CVE-2020-13645 5 Broadcom, Canonical, Fedoraproject and 2 more 6 Fabric Operating System, Ubuntu Linux, Fedora and 3 more 2021-06-22 6.4 MEDIUM 6.5 MEDIUM
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
CVE-2016-20011 1 Gnome 1 Libgrss 2021-06-09 5.0 MEDIUM 7.5 HIGH
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
CVE-2009-3721 2 Gnome, Ytnef Project 2 Evolution, Ytnef 2021-06-04 6.8 MEDIUM 7.8 HIGH
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
CVE-2020-36314 2 Fedoraproject, Gnome 2 Fedora, File-roller 2021-06-03 2.6 LOW 3.9 LOW
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.