Emilio Pozuelo Monfort

**Name of the Vulnerable Software and Affected Versions** gnome-shell versions 3.22 through 3.24.1 **Description** The issue arises from the mishandling of extensions that fail to reload, potentially leaving them enabled on the lock screen. This could allow a bystander to launch applications, although interaction with them would be restricted. Additionally, information from the extensions could be visible, such as open applications or music being played. In some cases, it might even be possible to execute arbitrary commands, depending on the extensions a user has enabled. The problem stems from a lack of exception handling in the js/ui/extensionSystem.js file. **Recommendations** For gnome-shell versions 3.22 through 3.24.1, consider disabling extensions that could pose a risk until a proper fix is applied, especially those that could execute arbitrary commands or reveal sensitive information. As a temporary workaround, restrict access to the lock screen to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** gdk-pixbuf versions prior to 2.35.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds write and crash, by providing crafted dimensions in an ICO file. This is due to a problem in the OneLine32 function in io-ico.c. **Recommendations** For versions prior to 2.35.3, update to version 2.35.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** emesene versions prior to 1.6.2 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file in emesenelib/ProfileManager.py. **Recommendations** For versions prior to 1.6.2, update to version 1.6.2 or later to resolve the issue.