Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gtk Subscribe
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4425 2 Freedesktop, Gtk 2 Spice-gtk, Libgio 2023-02-12 6.9 MEDIUM N/A
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
CVE-2010-0732 2 Gnome, Gtk 2 Screensaver, Gtk\+ 2023-02-12 6.2 MEDIUM N/A
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
CVE-2005-2976 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
CVE-2005-2975 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.8 HIGH N/A
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
CVE-2005-3186 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVE-2005-0891 1 Gtk 1 Gtk\+ 2018-10-19 5.0 MEDIUM N/A
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVE-2004-0782 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
CVE-2004-0788 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 5.0 MEDIUM N/A
Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
CVE-2004-0783 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 7.5 HIGH N/A
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
CVE-2004-0753 2 Gnome, Gtk 2 Gdkpixbuf, Gtk\+ 2018-10-19 5.0 MEDIUM N/A
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
CVE-2005-0372 1 Gtk 1 Gtk\+ 2017-10-10 5.0 MEDIUM N/A
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
CVE-2013-7447 2 Canonical, Gtk 2 Ubuntu Linux, Gtk\\\+ 2016-12-02 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
CVE-2014-1949 3 Canonical, Gtk, Linuxmint 3 Ubuntu, Gtk\+, Linux Mint 2015-10-13 7.2 HIGH N/A
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
CVE-2010-4833 1 Gtk 1 Gtk\+ 2012-02-20 9.3 HIGH N/A
Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.
CVE-2010-4831 1 Gtk 1 Gtk\+ 2011-09-14 6.9 MEDIUM N/A
Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.
CVE-2001-0084 1 Gtk 1 Gtk\+ 2008-09-05 7.2 HIGH N/A
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.