8 matches found
SUSE SLED15 / SLES15 Security Update : spice-gtk (SUSE-SU-2018:2709-1)
This update for spice-gtk fixes the following issues : Security issues fixed : CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295 Other bugs fixed: Add setuid bit to spice-client-glib-usb-acl-helper...
SUSE-SU-2018:2594-1 Security update for spice-gtk
This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295...
SUSE-SU-2018:0877-1 Security update for spice-gtk
This update for spice-gtk fixes the following issues: - CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissio...
gtk+ protection bypass
Screen lock bypass...
CVE-2013-4324
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkitunixprocessnew API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process...
CVE-2005-2975
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service infinite loop via a crafted XPM image with a large number of colors...
gtk+ security hole.
while going through a quick audit of gtk i found: gtk+ can be tricked into running arbitrary code via a bogus module. this means any program using gtk that is setid can be exploited via this method. here is an exploit i wrote for this security hole: original xgtk.cworking/un-wrapped:...
GTK+ 1.2.8 - Arbitrary Loadable Module Execution
// source: https://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the ability to load modules with the...