Gnome: Security Vulnerabilities
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
CVSS Score
8.8
EPSS Score
0.013
Published
2018-01-02
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-11-27
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
CVSS Score
6.5
EPSS Score
0.007
Published
2017-09-20
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.08
Published
2017-09-05
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.03
Published
2017-09-05
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
CVSS Score
7.8
EPSS Score
0.798
Published
2017-09-05
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
CVSS Score
5.5
EPSS Score
0.006
Published
2017-09-05
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
CVSS Score
7.5
EPSS Score
0.031
Published
2017-08-18
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.011
Published
2017-07-24
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-07-19