GNOME GNOME Free Software Desktop Project

  1. Vendors
  2. GNOME

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any GNOME product.

RSS Feeds for GNOME security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in GNOME products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by GNOME Sorted by Most Security Vulnerabilities since 2018

GNOME Libsoup35 vulnerabilities

GNOME Glib29 vulnerabilities

GNOME Gtk15 vulnerabilities

GNOME Gdk Pixbuf12 vulnerabilities

GNOME Epiphany11 vulnerabilities

GNOME Gdkpixbuf9 vulnerabilities

GNOME Evolution8 vulnerabilities

GNOME Networkmanager7 vulnerabilities

Gnome Shell6 vulnerabilities

GNOME Libcroco4 vulnerabilities

GNOME Libgsf2 vulnerabilities

GNOME Yelp2 vulnerabilities

Gnome Font Viewer2 vulnerabilities

GNOME Seahorse1 vulnerability

GNOME Libgepub1 vulnerability

GNOME Glade1 vulnerability

GNOME1 vulnerability

Gnome Maps1 vulnerability

By the Year

In 2026 there have been 5 vulnerabilities in GNOME with an average score of 6.9 out of ten. Last year, in 2025 GNOME had 36 security vulnerabilities published. Right now, GNOME is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.71.




Year Vulnerabilities Average Score
2026 5 6.94
2025 36 6.23
2024 12 7.53
2023 10 6.56
2022 11 7.42
2021 22 6.22
2020 17 6.23
2019 25 6.65
2018 20 8.42

It may take a day or so for new GNOME vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent GNOME Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-2443 Feb 13, 2026
libsoup HTTP Range Header flaw may read arbitrary memory A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Libsoup
CVE-2026-1801 Feb 03, 2026
libsoup HTTP Request Smuggling via Malformed Chunk Headers A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.
Libsoup
CVE-2026-1761 Feb 02, 2026
Libsoup Multipart HTTP Response Buffer Overflow CVE-2026-1761 A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
Libsoup
CVE-2020-37011 Jan 29, 2026
Gnome-FontViewer 3.34.0 Heap Overflow via Malicious TTF Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process.
Gnome Font Viewer
CVE-2025-3839 Jan 23, 2026
Epiphany <47.5, 48.0<48.1: Untrusted URL Handler Exploits via Client App Execution A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.
Epiphany
CVE-2025-14512 Dec 11, 2025
glib GIO escape_byte_string overflow causes heap buffer DoS A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Glib
CVE-2025-14087 Dec 10, 2025
GLib GVariant Buffer Underflow Heap Corruption (CVE-2025-14087) A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
Glib
CVE-2025-13601 Nov 26, 2025
Glib Heap Buffer Overflow in g_escape_uri_string() A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Glib
CVE-2025-12105 Oct 23, 2025
libsoup UAF via async HTTP/2 queue race causing remote DoS A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
Libsoup
CVE-2025-11021 Sep 26, 2025
libsoup OOB read via cookie date handling flaw A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
Libsoup
CVE-2025-9901 Sep 03, 2025
libsoup Vary header ignored in cache, info leakage risk (CVE-2025-9901) A flaw was found in libsoups caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.
Libsoup
CVE-2025-4056 Jul 28, 2025
GLib Windows Command Line DoS (CVE-2025-4056) A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
Glib
CVE-2025-7345 Jul 08, 2025
Heap Buffer Overflow in gdk-pixbuf JPEG Load Leading to OOB Read & Code Exec A flaw exists in gdkpixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glibs g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.
Gdk Pixbuf
CVE-2025-6196 Jun 17, 2025
libgepub Memory Allocation Bug Causing Crash (DoS) A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.
Libgepub
CVE-2025-6199 Jun 17, 2025
GdkPixbuf GIF LZW Decoder Uninitialized Buffer Leak A flaw was found in the GIF parser of GdkPixbufs LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
Gdkpixbuf
CVE-2025-6052 Jun 13, 2025
GString Size Calc Overflow in GLib Leads to Memory Corruption A flaw was found in how GLibs GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesnt. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
Glib
CVE-2025-4969 May 21, 2025
libsoup OOB Read in Multipart HTTP Termination Violation A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).
Libsoup
CVE-2025-4945 May 19, 2025
Libsoup Cookie Expiration Integer Overflow A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Libsoup
CVE-2025-4948 May 19, 2025
libsoup Integer Underflow in multipart parsing leads to DoS A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
Libsoup
CVE-2025-4476 May 16, 2025
libsoup DoS via crafted WWW-Authenticate header A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.
Libsoup
CVE-2025-4373 May 06, 2025
GLib GString Integer Overflow Leading to Buffer Underrun A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Glib
CVE-2025-4035 Apr 29, 2025
libsoup Cookie Public Suffix Domain Bypass (CVE-2025-4035) A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.
Libsoup
CVE-2025-46420 Apr 24, 2025
Memory Leak in libsoup's soup_header_parse_quality_list() A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.
Libsoup
CVE-2025-46421 Apr 24, 2025
libsoup Authorization Header Leak on HTTP Redirect (CVE-2025-46421) A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
Libsoup
CVE-2025-32911 Apr 15, 2025
libsoup UAF in soup_message_headers_get_content_disposition A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
Libsoup
CVE-2025-32909 Apr 14, 2025
libsoup SoupContentSniffer NULL Pointer Deref in sniff_mp4 A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
Libsoup
CVE-2025-32910 Apr 14, 2025
libsoup Null ptr deref in auth_digest_authenticate causes client crash A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
Libsoup
CVE-2025-32912 Apr 14, 2025
libsoup SoupAuthDigest NULL Deref (CVE-2025-32912) A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.
Libsoup
CVE-2025-32914 Apr 14, 2025
libsoup OOB Read in soup_multipart_new_from_message() A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
Libsoup
CVE-2025-32907 Apr 14, 2025
libsoup HTTP Range Request Resource Exhaustion A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
Libsoup
CVE-2025-32908 Apr 14, 2025
libsoup HTTP/2 pseudo-header validation flaw allows DoS A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).
Libsoup
CVE-2025-32913 Apr 14, 2025
NULL pointer deref in libsoup soup_message_headers_get_content_disposition A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
Libsoup
CVE-2025-3360 Apr 07, 2025
GLib intovf & buffer under-read in ISO 8601 parser A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
Glib
CVE-2025-32052 Apr 03, 2025
libsoup Heap Buffer Over-Read in sniff_unknown() A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
Libsoup
CVE-2025-3155 Apr 03, 2025
Yelp GNOME Help Viewer RCE: Arbitrary Script Exec via Help Docs A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Yelp
CVE-2025-32049 Apr 03, 2025
Libsoup WebSocket DoS via Large Message Vulnerability A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
Libsoup
CVE-2025-32050 Apr 03, 2025
libsoup buffer under-read via append_param_quoted overflow A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
Libsoup
CVE-2025-32051 Apr 03, 2025
libsoup DoS via malformed data URI in soup_uri_decode_data_uri A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).
Libsoup
CVE-2025-32053 Apr 03, 2025
CVE-2025-32053 libsoup Heap OOR via sniff_feed & skip_insignificant A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.
Libsoup
CVE-2025-2784 Apr 03, 2025
libsoup Heap Buffer Over-read via HTTP Skip Insight Whitespace A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
Libsoup
CVE-2020-11936 Jan 31, 2025
glib gdbus setgid PrivEsc via D-Bus gdbus setgid privilege escalation
Glib
CVE-2023-43091 Nov 17, 2024
GNOME Maps Service Configuration Code Injection Vulnerability A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
Gnome Maps
CVE-2024-52533 Nov 11, 2024
GNOME GLib 2.x SOCKS4 Proxy Buffer Overflow Vulnerability gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Glib
CVE-2024-52532 Nov 11, 2024
GNOME libsoup 3.x WebSocket Infinite Loop and Memory Consumption Vulnerability GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
Libsoup
CVE-2024-52531 Nov 11, 2024
GNOME libsoup Buffer Overflow Vulnerability in UTF-8 Conversion GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).
Libsoup
CVE-2024-52530 Nov 11, 2024
GNOME libsoup HTTP Request Smuggling Vulnerability in Header Parsing GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Libsoup
CVE-2024-42415 Oct 03, 2024
Integer Overflow in libgsf 1.14.52 (GNOME) leading to heap Bof An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Libgsf
CVE-2024-36474 Oct 03, 2024
GNOME libgsf v1.14.52 Integer Overflow in Compound Doc Binary Parser An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Libgsf
CVE-2024-6655 Jul 16, 2024
GTK Library Symbol Injection via Current Working Directory A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
Gtk
CVE-2024-36472 May 28, 2024
GNOME Shell 45.7 autorun unsafe JavaScript via portal helper In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.
Gnome Shell
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.