Enlightenment

enlightenment

32 CVEs • 4 products

Products (4)

Click to collapse

Toggle

CVEs (32)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-25450 1Enlightenment 1Imlib2 Jun 16, 2025 Feb 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
CVE-2024-25448 1Enlightenment 1Imlib2 Nov 21, 2024 Feb 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVE-2024-25447 1Enlightenment 1Imlib2 May 15, 2025 Feb 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVE-2022-37706 1Enlightenment 1Enlightenment Apr 14, 2025 Dec 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
CVE-2020-12761 1Enlightenment 1Imlib2 Nov 21, 2024 May 9, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
CVE-2018-20167 1Enlightenment 1Terminology Nov 21, 2024 Dec 17, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution...Show more Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.Show less
CVE-2014-1846 1Enlightenment 1Enlightenment Nov 21, 2024 Apr 27, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
CVE-2014-1845 1Enlightenment 1Enlightenment Nov 21, 2024 Apr 27, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
CVE-2015-8971 2Debian Enlightenment 2Debian Linux Terminology May 13, 2026 Jan 23, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
CVE-2016-4024 3Debian EnlightenmentOpensuse 3Debian Linux Imlib2Opensuse May 6, 2026 May 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
CVE-2016-3994 2Debian Enlightenment 2Debian Linux Imlib2 May 6, 2026 May 13, 2016 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
CVE-2016-3993 2Debian Enlightenment 2Debian Linux Imlib2 May 6, 2026 May 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
CVE-2014-9771 2Debian Enlightenment 2Debian Linux Imlib2 May 6, 2026 May 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.
CVE-2014-9764 2Debian Enlightenment 2Debian Linux Imlib2 May 6, 2026 May 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.
CVE-2014-9763 2Debian Enlightenment 2Debian Linux Imlib2 May 6, 2026 May 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
CVE-2014-9762 2Debian Enlightenment 2Debian Linux Imlib2 May 6, 2026 May 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.
CVE-2011-5326 2Debian Enlightenment 2Debian Linux Imlib2 May 6, 2026 May 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
CVE-2010-0991 1Enlightenment 1Imlib2 Apr 29, 2026 Apr 22, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.
CVE-2008-6079 1Enlightenment 1Imlib2 Apr 23, 2026 Feb 6, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer...Show more imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."Show less
CVE-2008-5187 1Enlightenment 1Imlib2 Apr 23, 2026 Nov 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer...Show more The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.Show less

12 Next