CVSS: 9.8EPSS: 5%CPEs: 6EXPL: 0CVE-2012-0828
https://notcve.org/view.php?id=CVE-2012-0828
21 Feb 2020 — Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). Un desbordamiento del búfer en la región heap de la memoria en xchat versión 2.8.6 sobre la arquitectura Maemo de Xchat-WDK versiones anteriores a 1499-4 (18-01-2012), podría permitir a atacantes remotos caus... • http://www.openwall.com/lists/oss-security/2012/02/01/9 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-1000044
https://notcve.org/view.php?id=CVE-2017-1000044
13 Jul 2017 — gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering En gtk-vnc versión 0.4.2 y anteriores, no comprueban correctamente los límites del framebuffer cuando se actualiza el framebuffer, lo que puede conllevar a una corrupción de memoria al renderizar. • https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5884 – gtk-vnc: Improper check of framebuffer boundaries when processing a tile
https://notcve.org/view.php?id=CVE-2017-5884
20 Feb 2017 — gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. gtk-vnc en versiones anteriores a 0.7.0 no comprueba adecuadamente los límites de azulejos que contienen sub rectángulo, lo que permite a servidores remotos ejecutar código arbitrario a través de las coordenadas src x, y en un azulejo (1) rre, (2) hextile o (3) copyrect manipulado.... • http://www.openwall.com/lists/oss-security/2017/02/03/5 • CWE-118: Incorrect Access of Indexable Resource ('Range Error') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5885 – gtk-vnc: Integer overflow when processing SetColorMapEntries
https://notcve.org/view.php?id=CVE-2017-5885
20 Feb 2017 — Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. Múltiples desbordamientos de entero en las funciones (1) vnc_connection_server_message y (2) vnc_color_map_set en gtk-vnc en versiones anteriores a 0.7.0 permiten a servidores remotos provocar una denegación de serv... • http://www.openwall.com/lists/oss-security/2017/02/03/5 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1949 – Mandriva Linux Security Advisory 2015-162
https://notcve.org/view.php?id=CVE-2014-1949
16 Jan 2015 — GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. GTK+ 3.10.9 y anteriores, utilizado en cinnamon-screensaver, gnome-screensaver, y otras aplicaciones, permite a atacantes físicamente próximos evadir la pantalla de bloqueo mediante la activación del botón del menú. Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An a... • http://advisories.mageia.org/MGASA-2014-0374.html • CWE-284: Improper Access Control •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4831
https://notcve.org/view.php?id=CVE-2010-4831
06 Sep 2011 — Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory. Vulnerabilidad de ruta de búsqueda no segura en gdk/win32/gdkinput-win32.c in GTK+ anteriores a v2.21.8 permite a usuarios locales obtener privilegios de a través de un fichero Wintab32.dll (troyanizado) en el directorio de trabajo actual. • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.21/gtk+-2.21.8.changes • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4833
https://notcve.org/view.php?id=CVE-2010-4833
06 Sep 2011 — Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831. Ruta de búsqueda no segura en modules/engines/ms-windows/xp_theme.c en GTK+ anteriores a v2.24.0 permite a usuarios locales obtener privilegios de administrador a través de un fichero uxtheme.dll (troyanizado) en el directorio de trabajo actual, es una vulner... • http://git.gnome.org/browse/gtk+/commit/modules/engines/ms-windows/xp_theme.c?h=gtk-2-24&id=d6e11a97e318158f5d210a0476870dfe14ed95e6 • CWE-426: Untrusted Search Path •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0732 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-0732
19 Mar 2010 — gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. gdk/gdkwindow.c en GTK+ anterior a v2.18.5, utilizada en gnome-screensaver anterior a v2.28.1, realiza pinturas implícitas en las ventanas de tipo GDK_WINDOW_F... • http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0010 – GTK2 GDKPixBufLoader - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0010
24 Jan 2007 — The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. La función GdkPixbufLoader del GIMP ToolKit (GTK+) en el GTK 2 (gtk2) en versiones anteriores a la 2.4.13 atacantes dependiendo del contexto provocar una denegación de servicio (caída) a través de un fichero de imagen mal formado. • https://www.exploit-db.com/exploits/29520 •
CVSS: 7.8EPSS: 11%CPEs: 2EXPL: 0CVE-2005-2975
https://notcve.org/view.php?id=CVE-2005-2975
18 Nov 2005 — io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors. • http://secunia.com/advisories/17522 • CWE-399: Resource Management Errors •