23 matches found

Mageia
added 2025/12/03 8:39 p.m. · 4 views

Updated cups packages fix security vulnerabilities

The updated packages fix security vulnerabilities and a regression with GTK+ apps caused by the fix for CVE-2025-58436: OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack. CVE-2025-58436 OpenPrinting CUPS vulnerable to stack based out-of-bound write. CVE-2025-61915...

CVSS 6.7 · AI score 6.9 · EPSS 0.00048
Exploits: 2 · References: 4

Fedora
added 2025/08/07 1:13 a.m. · 6 views

[SECURITY] Fedora 41 Update: gdk-pixbuf2-2.42.12-9.fc41

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...

CVSS 7.5 · AI score 7.4 · EPSS 0.00938
Exploits: 0

RedhatCVE
added 2025/05/22 5:53 a.m. · 2 views

CVE-2017-1000121

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products...

CVSS 9.8 · AI score 7.1 · EPSS 0.00647
Exploits: 0 · References: 1

BDU FSTEC
added 2023/10/25 12:0 a.m. · 1 views

The vulnerability of the Web page rendering modules in WebKitGTK+ and WPE WebKit lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Web page rendering modules in WebKitGTK+ and WPE WebKit relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVSS 10 · EPSS 0.00175
Exploits: 0 · References: 10 · Affected Software: 7

BDU FSTEC
added 2023/08/08 12:0 a.m. · 1 views

The vulnerability of the web page rendering modules in WebKitGTK+ and WPE WebKit operating systems for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Web page rendering modules in WebKitGTK+ and WPE WebKit operating systems for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser is related to the disclosure of information. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to...

CVSS 7.8 · EPSS 0.00373
Exploits: 0 · References: 13 · Affected Software: 11

OSV
added 2016/02/17 7:6 p.m. · 10 views

MGASA-2016-0069 Updated gtk+2.0 packages fix CVE-2013-7447

Updated gtk+2.0 packages fix security vulnerability: Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of the app that called it, for example, eom (CVE-2013-7447)...

CVSS 6.5 · AI score 6.5 · EPSS 0.04428
Exploits: 0 · References: 9

BDU FSTEC
added 2015/04/28 12:0 a.m. · 1 views

Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the accessibility of protected information

Multiple vulnerabilities in the gtk+ package up to version 2.8.6-r1 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to the compromise of protected information. These vulnerabilities can be exploited remotely...

CVSS 7.8 · EPSS 0.1189
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2015/01/16 4:59 p.m. · 2 views

UBUNTU-CVE-2014-1949

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button...

CVSS 7.2 · AI score 5.8 · EPSS 0.00037
Exploits: 0 · References: 3

OSV
added 2014/09/09 9:34 a.m. · 5 views

MGASA-2014-0374 Updated gtk+3.0 packages fix CVE-2014-1949

Updated gtk+3.0 packages fix security vulnerability: Clemens Fries reported that, when using Cinnamon, it was possible to bypass the screensaver lock. An attacker with physical access to the machine could use this flaw to take over the locked desktop session (CVE-2014-1949). This was fixed by...

CVSS 7.2 · AI score 6.3 · EPSS 0.00037
Exploits: 0 · References: 8

Positive Technologies
added 2011/09/06 12:0 a.m. · 2 views

PT-2011-1768 · Gtk+ Team · Gtk+

Name of the Vulnerable Software and Affected Versions: GTK+ versions prior to 2.24.0. Description: The issue is related to an untrusted search path vulnerability in the modules/engines/ms-windows/xp_theme.c module. This allows local users to gain privileges via a Trojan horse uxtheme.dll file in t...

CVSS 9.3 · AI score 6.3 · EPSS 0.00517
Exploits: 1 · References: 4

Japan Vulnerability Notes
added 2011/09/02 10:26 a.m. · 2 views

GTK+ may insecurely load dynamic libraries

Overview: GTK+ may use unsafe methods for determining how to load DLLs. GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IP...

CVSS 6.9 · AI score 7.4 · EPSS 0.00122
Exploits: 0 · References: 7

OSV
added 2010/03/19 7:30 p.m. · 1 views

DEBIAN-CVE-2010-0732

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an...

CVSS 6.2 · AI score 6.5 · EPSS 0.00041
Exploits: 0 · References: 1

RedHat Linux
added 2007/01/24 4:9 p.m. · 1 views

security flaw

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file...

CVSS 2.1 · AI score 5.8 · EPSS 0.01173
Exploits: 0 · References: 4

RedHat Linux
added 2005/11/15 2:40 p.m. · 2 views

security flaw

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow...

CVSS 7.5 · AI score 6.5 · EPSS 0.02224
Exploits: 0 · References: 4

RedHat Linux
added 2005/06/13 12:7 p.m. · 1 views

security flaw

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command...

CVSS 5 · AI score 5.9 · EPSS 0.04093
Exploits: 0 · References: 4

OSV
added 2005/05/02 4:0 a.m. · 1 views

DEBIAN-CVE-2005-0372

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command...

CVSS 5 · AI score 7 · EPSS 0.04093
Exploits: 0 · References: 1

OSV
added 2004/10/20 4:0 a.m. · 1 views

DEBIAN-CVE-2004-0783

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

CVSS 7.5 · AI score 8.6 · EPSS 0.28699
Exploits: 0 · References: 1

CERT
added 2004/10/01 12:0 a.m. · 35 views

GdkPixbuf XPM parser contains a stack overflow vulnerability

Overview: A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description: GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...

CVSS 7.5 · AI score 7.8 · EPSS 0.28699
Exploits: 0 · References: 4

securityvulns
added 2004/09/16 12:0 a.m. · 41 views

CESA-2004-005: gtk+ XPM decoder

CESA-2004-005 - rev 1 (http://scary.beasts.org/security/CESA-2004-005.txt): gtk+-2.4.4 XPM image decoder parsing flaws. Programs: gtk+, and any programs which use gtk+ to decode XPM files. For example, Evolution. Severity: Compromise of account used to brows...

CVSS 7.5 · AI score 0.7 · EPSS 0.31086
Exploits: 2

RedHat Linux
added 2004/09/15 3:27 p.m. · 0 views

security flaw

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

CVSS 7.5 · AI score 6.4 · EPSS 0.28699
Exploits: 2 · References: 4