CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-25450
https://notcve.org/view.php?id=CVE-2024-25450
09 Feb 2024 — imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). Se descubrió que imlib2 v1.9.1 maneja mal la asignación de memoria en la función init_imlib_fonts(). • https://git.enlightenment.org/old/legacy-imlib2/issues/20 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-25448
https://notcve.org/view.php?id=CVE-2024-25448
09 Feb 2024 — An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. Un problema en la función imlib_free_image_and_decache de imlib2 v1.9.1 permite a los atacantes provocar un desbordamiento de búfer de almacenamiento dinámico mediante el análisis de una imagen manipulada. • https://git.enlightenment.org/old/legacy-imlib2/issues/20 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-25447
https://notcve.org/view.php?id=CVE-2024-25447
09 Feb 2024 — An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. Un problema en la función imlib_load_image_with_error_return de imlib2 v1.9.1 permite a los atacantes provocar un desbordamiento de búfer de almacenamiento dinámico mediante el análisis de una imagen manipulada. • https://git.enlightenment.org/old/legacy-imlib2/issues/20 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 50%CPEs: 1EXPL: 12CVE-2022-37706 – Ubuntu Enlightenment Mount Priv Esc
https://notcve.org/view.php?id=CVE-2022-37706
28 Sep 2022 — enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring. enlightenment_sys en Enlightenment anterior a 0.25.4 permite a los usuarios locales obtener privilegios porque es setuid root, y la función de librería del sistema maneja mal los nombres de ruta que comienzan con una subcadena /dev/.. Maher Azzouzi discovered that missing input sanitising in the Enlightenme... • https://packetstorm.news/files/id/170339 • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12761 – Ubuntu Security Notice USN-5099-1
https://notcve.org/view.php?id=CVE-2020-12761
09 May 2020 — modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. El archivo modules/loaders/loader_ico.c en imlib2 versión 1.6.0, presenta un desbordamiento de enteros (con unas asignaciones de memoria no válidas resultantes y lecturas fuera de límites) por medio de un icono con muchos colores en su mapa de colores. It was discovered that Imlib2 incorrectly handled certain ICO images. An at... • https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-20167
https://notcve.org/view.php?id=CVE-2018-20167
17 Dec 2018 — Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unkno... • https://phab.enlightenment.org/T7504 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1845
https://notcve.org/view.php?id=CVE-2014-1845
27 Apr 2018 — An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. Un ayudante root setuid sin especificar en Enlightenment, en versiones anteriores a la 0.17.6, permite que usuarios locales obtengan privilegios aprovechando el error a la hora de sanear el entorno. • http://www.openwall.com/lists/oss-security/2014/02/03/19 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1846
https://notcve.org/view.php?id=CVE-2014-1846
27 Apr 2018 — Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. Enlightenment, en versiones anteriores a la 0.17.6, podría permitir que los usuarios locales obtengan privilegios mediante el método gdb. • http://www.openwall.com/lists/oss-security/2014/02/03/19 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8971
https://notcve.org/view.php?id=CVE-2015-8971
23 Jan 2017 — Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. Terminology 0.7.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de secuencias de escape que modifican el título de la ventana y luego se escriben a el terminal, un problema similar a CVE-2003-0063. • http://www.debian.org/security/2016/dsa-3712 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2011-5326 – Debian Security Advisory 3555-1
https://notcve.org/view.php?id=CVE-2011-5326
25 Apr 2016 — imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse. Imlib2 en versiones anteriores a 1.4.9 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de aplicación) dibujando una elipse 2x1. Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service or possibly obtain sensitive information. Yu... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html • CWE-189: Numeric Errors •