CVE-2016-6352

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package libwebkitgtk4 updated to version 2.14.0-alt1 for branch sisyphus in task 169832.

Published: 2020-01-22
Modified: 2024-11-21

CVE-2016-4761

WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Package evolution updated to version 3.22.0-alt1 for branch sisyphus in task 169832.

Published: 2018-07-20
Modified: 2024-11-21

CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch sisyphus update on 2016-09-29

ALT-BU-2016-3019-1

ALT-PU-2016-2037-1

Closed bugs

Bug #32386

ALT-PU-2016-2041-1

Closed vulnerabilities

CVE-2016-6352

ALT-PU-2016-2042-1

Closed vulnerabilities

CVE-2016-4761

ALT-PU-2016-2043-1

Closed vulnerabilities

CVE-2016-10727