GNOME Free Software Desktop Project
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any GNOME product.
RSS Feeds for GNOME security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in GNOME products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by GNOME Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 32 vulnerabilities in GNOME with an average score of 6.3 out of ten. Last year, in 2024 GNOME had 12 security vulnerabilities published. That is, 20 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 1.25
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 32 | 6.27 |
| 2024 | 12 | 7.53 |
| 2023 | 10 | 6.76 |
| 2022 | 11 | 7.30 |
| 2021 | 22 | 6.16 |
| 2020 | 16 | 6.26 |
| 2019 | 24 | 6.98 |
| 2018 | 19 | 7.88 |
It may take a day or so for new GNOME vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNOME Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-12105 | Oct 23, 2025 |
libsoup UAF via async HTTP/2 queue race causing remote DoSA flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition. |
Libsoup
|
| CVE-2025-11021 | Sep 26, 2025 |
libsoup OOB read via cookie date handling flawA flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. |
Libsoup
|
| CVE-2025-4056 | Jul 28, 2025 |
GLib Windows Command Line DoS (CVE-2025-4056)A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. |
Glib
|
| CVE-2025-7345 | Jul 08, 2025 |
Heap Buffer Overflow in gdk-pixbuf JPEG Load Leading to OOB Read & Code ExecA flaw exists in gdkpixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glibs g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. |
Gdk Pixbuf
|
| CVE-2025-6196 | Jun 17, 2025 |
libgepub Memory Allocation Bug Causing Crash (DoS)A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service. |
Libgepub
|
| CVE-2025-6199 | Jun 17, 2025 |
GdkPixbuf GIF LZW Decoder Uninitialized Buffer LeakA flaw was found in the GIF parser of GdkPixbufs LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. |
Gdkpixbuf
|
| CVE-2025-6052 | Jun 13, 2025 |
GString Size Calc Overflow in GLib Leads to Memory CorruptionA flaw was found in how GLibs GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesnt. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. |
Glib
|
| CVE-2025-4969 | May 21, 2025 |
libsoup OOB Read in Multipart HTTP Termination ViolationA vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read). |
Libsoup
|
| CVE-2025-4945 | May 19, 2025 |
Libsoup Cookie Expiration Integer OverflowA flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. |
Libsoup
|
| CVE-2025-4948 | May 19, 2025 |
libsoup Integer Underflow in multipart parsing leads to DoSA flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk. |
Libsoup
|
| CVE-2025-4476 | May 16, 2025 |
libsoup DoS via crafted WWW-Authenticate headerA denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server. |
Libsoup
|
| CVE-2025-4373 | May 06, 2025 |
GLib GString Integer Overflow Leading to Buffer UnderrunA flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. |
Glib
|
| CVE-2025-4035 | Apr 29, 2025 |
libsoup Cookie Public Suffix Domain Bypass (CVE-2025-4035)A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation. |
Libsoup
|
| CVE-2025-46421 | Apr 24, 2025 |
libsoup Authorization Header Leak on HTTP Redirect (CVE-2025-46421)A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. |
Libsoup
|
| CVE-2025-46420 | Apr 24, 2025 |
Memory Leak in libsoup's soup_header_parse_quality_list()A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. |
Libsoup
|
| CVE-2025-32911 | Apr 15, 2025 |
libsoup UAF in soup_message_headers_get_content_dispositionA use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. |
Libsoup
|
| CVE-2025-32914 | Apr 14, 2025 |
libsoup OOB Read in soup_multipart_new_from_message()A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. |
Libsoup
|
| CVE-2025-32912 | Apr 14, 2025 |
libsoup SoupAuthDigest NULL Deref (CVE-2025-32912)A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. |
Libsoup
|
| CVE-2025-32910 | Apr 14, 2025 |
libsoup Null ptr deref in auth_digest_authenticate causes client crashA flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. |
Libsoup
|
| CVE-2025-32909 | Apr 14, 2025 |
libsoup SoupContentSniffer NULL Pointer Deref in sniff_mp4A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash. |
Libsoup
|
| CVE-2025-32913 | Apr 14, 2025 |
NULL pointer deref in libsoup soup_message_headers_get_content_dispositionA flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function. |
Libsoup
|
| CVE-2025-32908 | Apr 14, 2025 |
libsoup HTTP/2 pseudo-header validation flaw allows DoSA flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS). |
Libsoup
|
| CVE-2025-32907 | Apr 14, 2025 |
libsoup HTTP Range Request Resource ExhaustionA flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service. |
Libsoup
|
| CVE-2025-3360 | Apr 07, 2025 |
GLib intovf & buffer under-read in ISO 8601 parserA flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. |
Glib
|
| CVE-2025-32051 | Apr 03, 2025 |
libsoup DoS via malformed data URI in soup_uri_decode_data_uriA flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). |
Libsoup
|
| CVE-2025-3155 | Apr 03, 2025 |
Yelp GNOME Help Viewer RCE: Arbitrary Script Exec via Help DocsA flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. |
Yelp
|
| CVE-2025-32052 | Apr 03, 2025 |
libsoup Heap Buffer Over-Read in sniff_unknown()A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. |
Libsoup
|
| CVE-2025-32053 | Apr 03, 2025 |
CVE-2025-32053 libsoup Heap OOR via sniff_feed & skip_insignificantA flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. |
Libsoup
|
| CVE-2025-32050 | Apr 03, 2025 |
libsoup buffer under-read via append_param_quoted overflowA flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. |
Libsoup
|
| CVE-2025-32049 | Apr 03, 2025 |
Libsoup WebSocket DoS via Large Message VulnerabilityA flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). |
Libsoup
|
| CVE-2025-2784 | Apr 03, 2025 |
libsoup Heap Buffer Over-read via HTTP Skip Insight WhitespaceA flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. |
Libsoup
|
| CVE-2020-11936 | Jan 31, 2025 |
glib gdbus setgid PrivEsc via D-Busgdbus setgid privilege escalation |
Glib
|
| CVE-2023-43091 | Nov 17, 2024 |
GNOME Maps Service Configuration Code Injection VulnerabilityA flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. |
Gnome Maps
|
| CVE-2024-52533 | Nov 11, 2024 |
GNOME GLib 2.x SOCKS4 Proxy Buffer Overflow Vulnerabilitygio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. |
Glib
|
| CVE-2024-52532 | Nov 11, 2024 |
GNOME libsoup 3.x WebSocket Infinite Loop and Memory Consumption VulnerabilityGNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. |
Libsoup
|
| CVE-2024-52531 | Nov 11, 2024 |
GNOME libsoup Buffer Overflow Vulnerability in UTF-8 ConversionGNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response). |
Libsoup
|
| CVE-2024-52530 | Nov 11, 2024 |
GNOME libsoup HTTP Request Smuggling Vulnerability in Header ParsingGNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. |
Libsoup
|
| CVE-2024-42415 | Oct 03, 2024 |
Integer Overflow in libgsf 1.14.52 (GNOME) leading to heap BofAn integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. |
Libgsf
|
| CVE-2024-36474 | Oct 03, 2024 |
GNOME libgsf v1.14.52 Integer Overflow in Compound Doc Binary ParserAn integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. |
Libgsf
|
| CVE-2024-6655 | Jul 16, 2024 |
GTK Library Symbol Injection via Current Working DirectoryA flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. |
Gtk
|
| CVE-2024-36472 | May 28, 2024 |
GNOME Shell 45.7 autorun unsafe JavaScript via portal helperIn GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. |
Gnome Shell
|
| CVE-2024-34397 | May 07, 2024 |
GLib <2.80.1 GDBus Signal Spoofing VulnerabilityAn issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. |
Glib
|
| CVE-2020-36774 | Feb 19, 2024 |
GNOME Glade <=3.38.1/3.40.0 DoS via GladeGtkBox Rebuildplugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash). |
Glade
|
| CVE-2022-48622 | Jan 26, 2024 |
GdkPixbuf ANI Decoder Heap Corruption <=2.42.10 (io-ani.c)In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. |
Gdkpixbuf
Gdk Pixbuf
|
| CVE-2023-5557 | Oct 13, 2023 |
TrackerMiners Sandbox Bypass (CVE20235557)A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. |
Tracker Miners
|
| CVE-2023-43090 | Sep 22, 2023 |
A vulnerability was found in GNOME ShellA vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. |
Gnome Shell
|
| CVE-2023-32636 | Sep 14, 2023 |
A flaw was found in glibA flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. |
Glib
|
| CVE-2023-29499 | Sep 14, 2023 |
A flaw was found in GLibA flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. |
Glib
|
| CVE-2023-32611 | Sep 14, 2023 |
A flaw was found in GLibA flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. |
Glib
|
| CVE-2023-32665 | Sep 14, 2023 |
A flaw was found in GLibA flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. |
Glib
|