Gnome: Security Vulnerabilities
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
CVSS Score
7.5
EPSS Score
0.005
Published
2016-05-20
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted Truevision TGA image.
CVSS Score
4.3
EPSS Score
0.013
Published
2015-12-16
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.
CVSS Score
6.8
EPSS Score
0.009
Published
2015-12-16
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-11-24
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVSS Score
5.0
EPSS Score
0.011
Published
2015-11-17
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
CVSS Score
6.8
EPSS Score
0.016
Published
2015-10-26
io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
CVSS Score
6.8
EPSS Score
0.014
Published
2015-10-26
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
CVSS Score
6.8
EPSS Score
0.043
Published
2015-08-16
The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.
CVSS Score
7.5
EPSS Score
0.019
Published
2015-03-29
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.009
Published
2015-01-27