cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-42415,https://securityvulnerability.io/vulnerability/CVE-2024-42415,Integer Overflow Vulnerability in GNOME Project G Structured File Library (libgsf) Could Lead to Arbitrary Code Execution,"The GNOME Project's G Structured File Library (libgsf) contains an integer overflow vulnerability within its Compound Document Binary File format parser in version 1.14.52. This flaw can be exploited when processing a specially crafted file, which may cause an overflow that leads to a heap-based buffer overflow. Attackers could leverage this vulnerability by providing a malicious file, allowing for the execution of arbitrary code. Given the nature of this vulnerability, it poses significant risks for systems utilizing this library, warranting immediate attention and mitigation strategies.",GNOME Project,Libgsf,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-10-03T16:15:00.000Z,0
CVE-2024-36474,https://securityvulnerability.io/vulnerability/CVE-2024-36474,Integer Overflow Vulnerability in GNOME Project's G Structured File Library (libgsf),"An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. This vulnerability is triggered by processing specially crafted files, which can lead to an out-of-bounds index being used when accessing arrays. This scenario creates a pathway for potential arbitrary code execution. Attackers can exploit this flaw by providing crafted files, causing unintended consequences within the affected software.",Gnome Project,G Structured File Library (libgsf),7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-10-03T15:24:46.204Z,0
CVE-2022-48622,https://securityvulnerability.io/vulnerability/CVE-2022-48622,Heap Memory Corruption in GNOME GdkPixbuf for Windows Animated Cursors,"The vulnerability in GNOME GdkPixbuf arises from improper handling of the ANI (Windows animated cursor) file format, particularly within the ani_load_chunk function located in io-ani.c. When GdkPixbuf processes crafted .ani files, it may experience heap memory corruption leading to potential overwriting of heap metadata. This flaw allows an attacker to exploit the vulnerability to execute arbitrary code or cause a denial of service. The issue primarily stems from how gdk_pixbuf_set_option function deals with malformed cursor files, emphasizing the need for stringent input validation.",Gnome,Gdkpixbuf,7.8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2024-01-26T00:00:00.000Z,0
CVE-2023-36250,https://securityvulnerability.io/vulnerability/CVE-2023-36250,CSV Injection Vulnerability in GNOME Time Tracker 3.0.2,"A CSV Injection vulnerability has been identified in GNOME Time Tracker version 3.0.2. This flaw allows local attackers to execute arbitrary code by constructing specially crafted .tsv files when creating new records. Such a vulnerability poses a significant risk, as it could lead to unauthorized code execution on the user's system, potentially compromising sensitive data and overall security.",Gnome,Gnome-time Tracker,7.8,HIGH,0.0007900000200606883,false,,false,false,true,2023-09-01T23:06:33.000Z,true,false,false,,2023-09-14T00:00:00.000Z,0
CVE-2023-26081,https://securityvulnerability.io/vulnerability/CVE-2023-26081,Password Exfiltration Vulnerability in Epiphany Browser by GNOME,"In Epiphany (also known as GNOME Web) version 43.0, a security flaw exists where untrusted web content can manipulate the autofill feature, causing users' passwords to be inadvertently exfiltrated from sandboxed contexts. This vulnerability highlights the risks associated with autofill mechanisms when interacting with potentially malicious websites.",Gnome,Epiphany,7.5,HIGH,0.0017600000137463212,false,,false,false,false,,,false,false,,2023-02-20T03:15:00.000Z,0
CVE-2021-42522,https://securityvulnerability.io/vulnerability/CVE-2021-42522,Information Disclosure in Anjuta Document Manager Plugin by GNOME,"Anjuta Document Manager has a vulnerability due to improper handling of the libxml2 API, resulting in potential information disclosure. The failure to release allocated memory by not invoking 'g_free()' on the output returned by 'xmlGetProp()' poses risks of unintended information leakage. Users of Anjuta should apply necessary updates to mitigate the security implications of this vulnerability.",Gnome,Gnome Anjuta,7.5,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2022-08-25T17:27:07.000Z,0
CVE-2021-46829,https://securityvulnerability.io/vulnerability/CVE-2021-46829,Heap-based Buffer Overflow in GDK-PixBuf Affects GNOME Software,"GDK-PixBuf versions earlier than 2.42.8 are susceptible to a heap-based buffer overflow, which can occur during the compositing or clearing of frames in GIF files. This flaw could potentially be exploited for arbitrary code execution, particularly on 32-bit systems. As users interact with GIF animations, an attacker may craft a malicious GIF that triggers the overflow, leading to compromised system security.",Gnome,Gdk-pixbuf,7.8,HIGH,0.001509999972768128,false,,false,false,false,,,false,false,,2022-07-24T18:47:35.000Z,0
CVE-2022-29536,https://securityvulnerability.io/vulnerability/CVE-2022-29536,Buffer Overflow Vulnerability in GNOME Epiphany Browser,"A vulnerability in GNOME's Epiphany browser allows for a client buffer overflow due to improper handling of UTF-8 ellipsis characters, specifically in the ephy_string_shorten function during the UI process. This issue arises when an HTML document contains a long page title that exceeds the expected number of bytes, leading to potential exploitation scenarios.",Gnome,Epiphany,7.5,HIGH,0.008820000104606152,false,,false,false,false,,,false,false,,2022-04-20T23:15:00.000Z,0
CVE-2021-3567,https://securityvulnerability.io/vulnerability/CVE-2021-3567,Input Mechanism Vulnerability in Caribou Affecting System Locking Applications,"A security flaw in Caribou allows attackers to circumvent screen-locking applications that utilize this input method, leading to potential threats to system availability. This issue originated from a regression of a previous fix for a similar vulnerability, indicating a lapse in effective input mechanism security.",Gnome,Caribou,7.5,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-03-25T18:02:48.000Z,0
CVE-2022-27811,https://securityvulnerability.io/vulnerability/CVE-2022-27811,OS Command Injection Vulnerability in GNOME OCRFeeder Software,"An OS command injection vulnerability exists in GNOME OCRFeeder, enabling attackers to exploit shell metacharacters in PDF or image filenames. This flaw allows unauthorized command execution, potentially compromising system integrity. Users are encouraged to upgrade to version 0.8.4 or later to mitigate the risk. For further details, refer to the official GitLab merge request and related issues.",Gnome,Ocrfeeder,9.8,CRITICAL,0.009589999914169312,false,,false,false,false,,,false,false,,2022-03-24T00:00:00.000Z,0
CVE-2021-44648,https://securityvulnerability.io/vulnerability/CVE-2021-44648,Heap-buffer Overflow in GNOME gdk-pixbuf Affects Image Processing,"The GNOME gdk-pixbuf version 2.42.6 exposes a vulnerability characterized by a heap-buffer overflow which occurs when processing GIF files containing LZW compressed streams. This specific vulnerability arises when the minimum code size for the LZW encoded data is set to 12, potentially allowing attackers to exploit the flaw during image decoding operations.",Gnome,Gdkpixbuf,8.8,HIGH,0.017419999465346336,false,,false,false,false,,,false,false,,2022-01-12T12:31:26.000Z,0
CVE-2021-20240,https://securityvulnerability.io/vulnerability/CVE-2021-20240,,A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.,Gnome,Gdk-pixbuf,8.8,HIGH,0.002950000111013651,false,,false,false,false,,,false,false,,2021-05-28T10:42:35.000Z,0
CVE-2009-3721,https://securityvulnerability.io/vulnerability/CVE-2009-3721,,"Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.",Gnome,Ytnef,7.8,HIGH,0.0022700000554323196,false,,false,false,false,,,false,false,,2021-05-26T21:06:53.000Z,0
CVE-2016-20011,https://securityvulnerability.io/vulnerability/CVE-2016-20011,,"libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.",Gnome,Libgrss,7.5,HIGH,0.0031300000846385956,false,,false,false,false,,,false,false,,2021-05-25T20:09:43.000Z,0
CVE-2021-33516,https://securityvulnerability.io/vulnerability/CVE-2021-33516,,"An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tampering, etc.",Gnome,Gupnp,8.1,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2021-05-24T14:53:02.000Z,0
CVE-2021-27219,https://securityvulnerability.io/vulnerability/CVE-2021-27219,,An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.,Gnome,Glib,7.5,HIGH,0.00343000004068017,false,,false,false,false,,,false,false,,2021-02-15T16:27:38.000Z,0
CVE-2021-27218,https://securityvulnerability.io/vulnerability/CVE-2021-27218,,"An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.",Gnome,Glib,7.5,HIGH,0.008310000412166119,false,,false,false,false,,,false,false,,2021-02-15T16:27:20.000Z,0
CVE-2020-35457,https://securityvulnerability.io/vulnerability/CVE-2020-35457,,"GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is ""Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()."" The researcher states that this pattern is undocumented",Gnome,Glib,7.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-12-14T22:25:09.000Z,0
CVE-2020-16125,https://securityvulnerability.io/vulnerability/CVE-2020-16125,gdm3 would start gnome-initial-setup if it cannot contact accountservice,gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.,Gnome,Gdm3,7.2,HIGH,0.0009200000204145908,false,,false,false,true,2023-08-03T08:24:28.000Z,true,false,false,,2020-11-10T05:15:00.000Z,0
CVE-2020-16118,https://securityvulnerability.io/vulnerability/CVE-2020-16118,,"In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.",Gnome,Balsa,7.5,HIGH,0.0012400000123307109,false,,false,false,false,,,false,false,,2020-07-29T17:58:51.000Z,0
CVE-2020-12825,https://securityvulnerability.io/vulnerability/CVE-2020-12825,,"libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.",Gnome,Libcroco,7.1,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2020-05-12T17:30:57.000Z,0
CVE-2019-20326,https://securityvulnerability.io/vulnerability/CVE-2019-20326,,A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.,Gnome,Gthumb,7.8,HIGH,0.0038900000508874655,false,,false,false,true,2020-01-03T01:39:03.000Z,true,false,false,,2020-03-16T21:33:36.000Z,0
CVE-2013-4166,https://securityvulnerability.io/vulnerability/CVE-2013-4166,,"The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.",Gnome,"Evolution,Evolution Data Server",7.5,HIGH,0.003160000080242753,false,,false,false,false,,,false,false,,2020-02-06T14:29:39.000Z,0
CVE-2012-6111,https://securityvulnerability.io/vulnerability/CVE-2012-6111,,gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function,Gnome-keyring,Gnome-keyring,7.5,HIGH,0.0033100000582635403,false,,false,false,false,,,false,false,,2019-12-20T14:25:51.000Z,0
CVE-2012-5535,https://securityvulnerability.io/vulnerability/CVE-2012-5535,,gnome-system-log polkit policy allows arbitrary files on the system to be read,Gnome-system-log,Gnome-system-log,7.5,HIGH,0.0019499999471008778,false,,false,false,false,,,false,false,,2019-11-25T13:11:27.000Z,0