Gnome: Security Vulnerabilities
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.047
Published
2005-11-18
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.036
Published
2005-10-25
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
CVSS Score
2.1
EPSS Score
0.009
Published
2005-10-05
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
CVSS Score
7.5
EPSS Score
0.044
Published
2005-08-12
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.
CVSS Score
7.5
EPSS Score
0.044
Published
2005-08-12
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.
CVSS Score
7.5
EPSS Score
0.035
Published
2005-08-01
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVSS Score
2.6
EPSS Score
0.077
Published
2005-05-20
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS Score
5.0
EPSS Score
0.016
Published
2005-05-02
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
CVSS Score
5.0
EPSS Score
0.036
Published
2005-05-02
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVSS Score
7.5
EPSS Score
0.039
Published
2005-05-02