Gnu: Security Vulnerabilities
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
CVSS Score
4.3
EPSS Score
0.026
Published
2007-08-27
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
CVSS Score
6.8
EPSS Score
0.027
Published
2007-08-25
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
CVSS Score
7.8
EPSS Score
0.02
Published
2007-06-21
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
CVSS Score
7.2
EPSS Score
0.007
Published
2007-06-05
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
CVSS Score
6.0
EPSS Score
0.022
Published
2007-06-04
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
CVSS Score
4.3
EPSS Score
0.013
Published
2007-05-22
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
CVSS Score
10.0
EPSS Score
0.054
Published
2007-05-04
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVSS Score
7.8
EPSS Score
0.014
Published
2007-04-22
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
CVSS Score
6.6
EPSS Score
0.003
Published
2007-03-07
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
CVSS Score
5.0
EPSS Score
0.054
Published
2007-03-06