Known Vulnerabilities for products from Freedesktop

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Freedesktop".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-50292 json In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties le... Not Provided 2026-06-04 2026-06-05
CVE-2026-46470 json An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdem... Not Provided 2026-05-14 2026-05-19
CVE-2026-46469 json An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdem... Not Provided 2026-05-14 2026-05-19
CVE-2026-46211 json Not Provided 2026-05-28 2026-05-28
CVE-2026-44931 json Not Provided 2026-05-13 2026-05-13
CVE-2026-35094 json A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a... Not Provided 2026-04-01 2026-04-07
CVE-2026-35093 json A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user ... Not Provided 2026-04-01 2026-04-07
CVE-2026-4897 json A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `po... Not Provided 2026-03-26 2026-04-21
CVE-2026-1940 json An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a si... Not Provided 2026-03-23 2026-05-04
CVE-2023-34872 json A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash... 5.5 - MEDIUM 2023-07-31 2023-12-06
CVE-2022-42012 json An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated ... 6.5 - MEDIUM 2022-10-10 2023-12-27
CVE-2022-42011 json An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated ... 6.5 - MEDIUM 2022-10-10 2023-12-27
CVE-2022-42010 json An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated ... 6.5 - MEDIUM 2022-10-10 2023-12-27
CVE-2022-38784 json Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in... 7.8 - HIGH 2022-08-30 2023-11-07
CVE-2022-38349 json An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service becaus... 6.5 - MEDIUM 2023-08-22 2023-08-28
CVE-2022-38171 json Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream... 7.8 - HIGH 2022-08-22 2022-10-27
CVE-2022-37052 json A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in ... 6.5 - MEDIUM 2023-08-22 2023-08-25
CVE-2022-37051 json An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main func... 6.5 - MEDIUM 2023-08-22 2023-12-08
CVE-2022-37050 json In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with S... 6.5 - MEDIUM 2023-08-22 2023-12-08
CVE-2022-31782 json ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. 7.8 - HIGH 2022-06-02 2022-06-10
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Freedesktop

Type Vendor Product Version
ApplicationFreedesktopAccountsservice0.2
ApplicationFreedesktopDbus1.10.0
ApplicationFreedesktopDbus-glib0.100
ApplicationFreedesktopGst-plugins-bad0.10.0
ApplicationFreedesktopLibbsd0.0
ApplicationFreedesktopLibdbus1.5.0
ApplicationFreedesktopLibice1.0.1
ApplicationFreedesktopLibmbim0.0.1
ApplicationFreedesktopPoppler-
ApplicationFreedesktopSystemd001
ApplicationFreedesktopUdisks1.0
ApplicationFreedesktopXdg-user-dirs0.0.4
ApplicationFreedesktopXdg-utils1.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report