Gnome: community verdicts

3 notable / known-exploited Gnome CVEs the community has triaged.

ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Gnome CVE, see NVD ↗.

CVE-2025-3155HIGH 7.4EPSS 11%
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVE-2023-32611MED 5.5EPSS 0%
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVE-2025-6199LOW 3.3EPSS 0%
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.