Known Vulnerabilities for products from Freedesktop
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Freedesktop".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35094 json | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a... | Not Provided | 2026-04-01 | 2026-04-07 |
| CVE-2026-35093 json | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user ... | Not Provided | 2026-04-01 | 2026-04-07 |
| CVE-2026-4897 json | A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `po... | Not Provided | 2026-03-26 | 2026-04-21 |
| CVE-2023-34872 json | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash... | 5.5 - MEDIUM | 2023-07-31 | 2023-12-06 |
| CVE-2022-42012 json | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated ... | 6.5 - MEDIUM | 2022-10-10 | 2023-12-27 |
| CVE-2022-42011 json | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated ... | 6.5 - MEDIUM | 2022-10-10 | 2023-12-27 |
| CVE-2022-42010 json | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated ... | 6.5 - MEDIUM | 2022-10-10 | 2023-12-27 |
| CVE-2022-38784 json | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in... | 7.8 - HIGH | 2022-08-30 | 2023-11-07 |
| CVE-2022-38349 json | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service becaus... | 6.5 - MEDIUM | 2023-08-22 | 2023-08-28 |
| CVE-2022-38171 json | Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream... | 7.8 - HIGH | 2022-08-22 | 2022-10-27 |
| CVE-2022-37052 json | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in ... | 6.5 - MEDIUM | 2023-08-22 | 2023-08-25 |
| CVE-2022-37051 json | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main func... | 6.5 - MEDIUM | 2023-08-22 | 2023-12-08 |
| CVE-2022-37050 json | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with S... | 6.5 - MEDIUM | 2023-08-22 | 2023-12-08 |
| CVE-2022-31782 json | ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | 7.8 - HIGH | 2022-06-02 | 2022-06-10 |
| CVE-2022-27337 json | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a craf... | 6.5 - MEDIUM | 2022-05-05 | 2023-11-07 |
| CVE-2022-4055 json | When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers be... | 7.4 - HIGH | 2022-11-19 | 2022-11-26 |
| CVE-2022-1215 json | A format string vulnerability was found in libinput | 7.8 - HIGH | 2022-06-02 | 2023-11-09 |
| CVE-2021-33910 json | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (i... | 5.5 - MEDIUM | 2021-07-20 | 2023-11-07 |
| CVE-2021-30860 json | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, i... | 7.8 - HIGH | 2021-08-24 | 2024-02-02 |
| CVE-2021-3185 json | A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attac... | 9.8 - CRITICAL | 2021-01-26 | 2023-11-07 |
Known software with vulnerabilities from Freedesktop
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Freedesktop | Accountsservice | 0.2 |
| Application | Freedesktop | Dbus | 1.10.0 |
| Application | Freedesktop | Dbus-glib | 0.100 |
| Application | Freedesktop | Gst-plugins-bad | 0.10.0 |
| Application | Freedesktop | Libbsd | 0.0 |
| Application | Freedesktop | Libdbus | 1.5.0 |
| Application | Freedesktop | Libice | 1.0.1 |
| Application | Freedesktop | Libmbim | 0.0.1 |
| Application | Freedesktop | Poppler | - |
| Application | Freedesktop | Systemd | 001 |
| Application | Freedesktop | Udisks | 1.0 |
| Application | Freedesktop | Xdg-user-dirs | 0.0.4 |
| Application | Freedesktop | Xdg-utils | 1.0 |