ID CVE-2007-0010
Summary The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
References
Vulnerable Configurations
  • cpe:2.3:a:the_gimp_team:gimp_toolkit:2.4.12
CVSS
Base: 2.1 (as of 24-01-2007 - 15:03)
Impact:
Exploitability:
Access
Vector LOCAL
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
exploit-db via4
description GTK2 GDKPixBufLoader Remote Denial of Service Vulnerability. CVE-2007-0010. DoS exploit for Linux platform
id EDB-ID:29520
last seen 2016-02-03
modified 2007-01-24
published 2007-01-24
reporter Lubomir Kundrak
source https://www.exploit-db.com/download/29520/
title GTK2 GDKPixBufLoader - Remote Denial of Service Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GTK2-2499.NASL
    description A bug in gdk-pixbuf could crash applications such as Evolution when trying to display certain images (CVE-2007-0010). Additionally, a bug in the printer dialog prevented the correct display of all connected printers.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27254
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27254
    title openSUSE 10 Security Update : gtk2 (gtk2-2499)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11400.NASL
    description A denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or similar. (CVE-2007-0010)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41113
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41113
    title SuSE9 Security Update : gtk2 (YOU Patch Number 11400)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-039.NASL
    description The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. (CVE-2007-0010) The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails various portions of the lsb-test-desktop test suite, part of LSB 3.1 certification testing. The updated packages also address the following issues : The Home and Desktop entries in the GTK File Chooser are not always visible (#26644). GTK+-based applications (which includes all the Mandriva Linux configuration tools, for example) crash (instead of falling back to the default theme) when an invalid icon theme is selected. (#27013) Additional patches from GNOME CVS have been included to address the following issues from the GNOME bugzilla : - 357132 - fix RGBA colormap issue - 359537,357280,359052 - fix various printer bugs - 357566,353736,357050,363437,379503 - fix various crashes - 372527 - fix fileselector bug + potential deadlock
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24652
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24652
    title Mandrake Linux Security Advisory : gtk+2.0 (MDKSA-2007:039)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0019.NASL
    description From Red Hat Security Advisory 2007:0019 : Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67441
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67441
    title Oracle Linux 4 : gtk2 (ELSA-2007-0019)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GTK2-2498.NASL
    description A bug in gdk-pixbuf could crash applications such as Evolution when trying to display certain images (CVE-2007-0010)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27253
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27253
    title openSUSE 10 Security Update : gtk2 (gtk2-2498)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GTK2-2497.NASL
    description A denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or similar. (CVE-2007-0010)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29453
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29453
    title SuSE 10 Security Update : gtk2 (ZYPP Patch Number 2497)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1256.NASL
    description It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 24295
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24295
    title Debian DSA-1256-1 : gtk+2.0 - programming error
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0019.NASL
    description Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24287
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24287
    title CentOS 4 : gtk2 (CESA-2007:0019)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-415-1.NASL
    description A flaw was discovered in the error handling of GTK's image loading library. Applications opening certain corrupted images could be made to crash, causing a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28004
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28004
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : gtk+2.0 vulnerability (USN-415-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0019.NASL
    description Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24259
    published 2007-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24259
    title RHEL 4 : gtk2 (RHSA-2007:0019)
oval via4
accepted 2013-04-29T04:04:40.636-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
family unix
id oval:org.mitre.oval:def:10325
status accepted
submitted 2010-07-09T03:56:16-04:00
title The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
version 23
redhat via4
advisories
bugzilla
id 218932
title CVE-2007-0010 GdbPixbufLoader fails to handle invalid input from Evolution correctly
oval
AND
  • comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
  • OR
    • AND
      • comment gtk2 is earlier than 0:2.4.13-22
        oval oval:com.redhat.rhsa:tst:20070019002
      • comment gtk2 is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20070019003
    • AND
      • comment gtk2-devel is earlier than 0:2.4.13-22
        oval oval:com.redhat.rhsa:tst:20070019004
      • comment gtk2-devel is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20070019005
rhsa
id RHSA-2007:0019
released 2007-01-24
severity Moderate
title RHSA-2007:0019: gtk2 security update (Moderate)
rpms
  • gtk2-0:2.4.13-22
  • gtk2-devel-0:2.4.13-22
refmap via4
bid 22209
confirm
debian DSA-1256
mandriva MDKSA-2007:039
osvdb 31621
sectrack 1017552
secunia
  • 23884
  • 23933
  • 23935
  • 23984
  • 24006
  • 24010
  • 24095
suse SUSE-SR:2007:002
ubuntu USN-415-1
vupen ADV-2007-0331
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-12-2016 - 22:00
Published 24-01-2007 - 14:28
Last modified 10-10-2017 - 21:31