Gnome: Security Vulnerabilities
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-07-28
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-17
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-17
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-06-13
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-04-15
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVSS Score
7.4
EPSS Score
0.002
Published
2025-04-03
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVSS Score
7.0
EPSS Score
0.01
Published
2025-04-03
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-01-31
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-11-17
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVSS Score
9.8
EPSS Score
0.032
Published
2024-11-11
Page 1