gnome gtk CVE Vulnerabilities (15)

CVEs: 15 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting gnome gtk (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 115 of 15 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2012-0828 Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). [email protected] 9.8 4.28% 2020-02-21 2026-06-16
CVE-2014-1949 GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. [email protected] 7.2 0.33% 2015-01-16 2026-06-16
CVE-2010-4833 Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. [email protected] 9.3 2.26% 2011-09-06 2026-06-16
CVE-2010-4831 Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. [email protected] 6.9 0.39% 2011-09-06 2026-06-16
CVE-2010-0732 gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. [email protected] 6.2 0.30% 2010-03-19 2026-06-16
CVE-2007-0010 The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. [email protected] 2.1 0.90% 2007-01-24 2026-06-16
CVE-2005-2976 Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. [email protected] 7.5 4.43% 2005-11-18 2026-06-16
CVE-2005-2975 io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. [email protected] 7.8 3.12% 2005-11-18 2026-06-16
CVE-2005-0891 Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. [email protected] 7.5 3.90% 2005-05-02 2026-06-16
CVE-2005-0372 Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. [email protected] 5.0 3.65% 2005-05-02 2026-06-16
CVE-2004-0788 Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file. [email protected] 5.0 5.87% 2004-10-20 2026-06-16
CVE-2004-0783 Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). [email protected] 7.5 9.43% 2004-10-20 2026-06-16
CVE-2004-0782 Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687). [email protected] 7.5 9.18% 2004-10-20 2026-06-16
CVE-2004-0753 The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file. [email protected] 5.0 5.92% 2004-10-20 2026-06-16
CVE-2001-0084 GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. [email protected] 7.2 1.22% 2001-02-12 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence