Vulnerability CVE-2013-7447: Information

Description

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-7447
Published: Feb. 17, 2016
Modified: Dec. 3, 2016

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
eogsisyphus3.18.2-alt145.3-alt1ALT-PU-2016-1114-1158970Fixed
eogp103.18.2-alt140.3-alt1ALT-PU-2016-1114-1158970Fixed
eogp93.18.2-alt13.32.2-alt1ALT-PU-2016-1114-1158970Fixed
eogc10f13.18.2-alt140.3-alt1ALT-PU-2016-1114-1158970Fixed
eogc9f23.18.2-alt13.32.2-alt1ALT-PU-2016-1114-1158970Fixed
gnome-photossisyphus3.18.3-alt144.0-alt1ALT-PU-2016-1247-1161436Fixed
gnome-photosp103.18.3-alt140.0-alt1.1ALT-PU-2016-1247-1161436Fixed
gnome-photosp93.18.3-alt13.32.1-alt1ALT-PU-2016-1247-1161436Fixed
gnome-photosc10f13.18.3-alt140.0-alt1.1ALT-PU-2016-1247-1161436Fixed
gnome-photosc9f23.18.3-alt13.32.1-alt1ALT-PU-2016-1247-1161436Fixed
libgtk+2sisyphus2.24.31-alt12.24.33-alt1ALT-PU-2016-1964-1169305Fixed
libgtk+2p102.24.31-alt12.24.33-alt1ALT-PU-2016-1964-1169305Fixed
libgtk+2p92.24.31-alt12.24.32-alt3ALT-PU-2016-1964-1169305Fixed
libgtk+2p82.24.31-alt12.24.31-alt1ALT-PU-2016-1966-1169340Fixed
libgtk+2c10f12.24.31-alt12.24.33-alt1ALT-PU-2016-1964-1169305Fixed
libgtk+2c9f22.24.31-alt12.24.32-alt3ALT-PU-2016-1964-1169305Fixed
thunarsisyphus1.6.10-alt24.18.10-alt1ALT-PU-2016-1103-1158848Fixed
thunarp101.6.10-alt24.18.10-alt1ALT-PU-2016-1103-1158848Fixed
thunarp91.6.10-alt21.8.17-alt1ALT-PU-2016-1103-1158848Fixed
thunarc10f11.6.10-alt24.16.11-alt3ALT-PU-2016-1103-1158848Fixed
thunarc9f21.6.10-alt21.8.15-alt1ALT-PU-2016-1103-1158848Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.gnome.org/show_bug.cgi?id=703220
    [oss-security] 20160209 CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0
      https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
        [oss-security] 20160210 Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0
          USN-2898-2
          • Vendor Advisory
          https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
            USN-2898-1
            • Vendor Advisory
            https://git.gnome.org/browse/gtk+/tree/NEWS
            • Patch
            https://github.com/mate-desktop/eom/issues/93
              http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
                83239
                  openSUSE-SU-2016:0647

                      1. Configuration 1

                        cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
                        cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
                        cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

                        Configuration 2

                        cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.5.0
                    Back to top