UBUNTU-CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
EUVD-2026-37068
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12322
CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...
PT-2026-49691
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 152; Thunderbird versions prior to 152. Description: A clickjacking issue exists in the Widget: Gtk component. Clickjacking is a technique where an attacker tricks a user into clicking something different from what the...
[SECURITY] Fedora 42 Update: webkitgtk-2.52.1-1.fc42
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
[SECURITY] Fedora 42 Update: webkitgtk-2.50.4-1.fc42
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
CLSA-2025-1745946091 gtk3: Fix of CVE-2024-6655
CVE-2024-6655: prevent injection of libraries from current working directory...
gtk3: gtk2: Library injection from CWD
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...
DEBIAN-CVE-2024-6655
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...
AZL-43381 CVE-2024-6655 affecting package gtk2 for versions less than 2.24.32-12
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...
USN-6899-1 gtk+2.0, gtk+3.0 vulnerability
It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges...
UBUNTU-CVE-2024-6655
A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
SUSE CVE-2004-0783
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...
SUSE CVE-2013-7447
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large...
Mozilla: Arbitrary file read from GTK drag and drop on Linux
The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data, and GTK treating all text/plain MIMEs containing file URLs as being dragged, a website could arbitrarily read a file via a call to DataTransfer.setData...
Mozilla Firefox buffer error vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer error vulnerability that originates from not performing validation checks on GTK drag and drop data. An attacker could exploit the vulnerability to obtain sensitiv...
OpenJDK: GTK library loading use-after-free (AWT, 8185325)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...