CVE-2007-3381

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

Published: Aug 7, 2007
Updated: Nov 9, 2025
CVE: CVE-2007-3381
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.5
AV:L/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
gnome / gdm	2.14.1	2.14.1.x
gnome / gdm	2.5	2.5.x
gnome / gdm	2.2	2.2.x
gnome / gdm	2.14.8	2.14.8.x
gnome / gdm	2.14.11	2.14.11.x
gnome / gdm	-	2.14.12.x
gnome / gdm	2.13	2.13.x
gnome / gdm	2.4	2.4.x
gnome / gdm	2.14.2	2.14.2.x
gnome / gdm	2.14.5	2.14.5.x
gnome / gdm	2.3	2.3.x
gnome / gdm	2.6	2.6.x
gnome / gdm	2.8	2.8.x
gnome / gdm	2.14.6	2.14.6.x
gnome / gdm	2.14.4	2.14.4.x
gnome / gdm	2.14.7	2.14.7.x
gnome / gdm	1.0	1.0.x
gnome / gdm	2.14.9	2.14.9.x
gnome / gdm	2.14	2.14.x
gnome / gdm	2.14.10	2.14.10.x
gnome / gdm	0.7	0.7.x
gnome / gdm	2.14.3	2.14.3.x
gnome / gdm	2.0	2.0.x
gnome / gdm	2.16.2	2.16.2.x
gnome / gdm	2.16	2.16.x
gnome / gdm	2.16.1	2.16.1.x
gnome / gdm	2.18.1	2.18.1.x
gnome / gdm	2.18.3	2.18.3.x
gnome / gdm	2.18.2	2.18.2.x
gnome / gdm	2.18	2.18.x
gnome / gdm	2.19.3	2.19.3.x
gnome / gdm	2.19	2.19.x
gnome / gdm	2.19.4	2.19.4.x
gnome / gdm	2.19.2	2.19.2.x
gnome / gdm	2.19.1	2.19.1.x

Vulnerability Database

313,359

CVE-2007-3381

Deep Security Visibility Without the Complexity