ID CVE-2013-7447
Summary Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • cpe:2.3:a:gtk:gtk%5c%2b:3.9.6
    cpe:2.3:a:gtk:gtk%5c%2b:3.9.6
CVSS
Base: 4.3 (as of 11-03-2016 - 11:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-254-02.NASL
    description New gtk+2 packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2016-10-19
    plugin id 93412
    published 2016-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93412
    title Slackware 14.1 / 14.2 / current : gtk+2 (SSA:2016-254-02)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1118.NASL
    description This gtk2 update to version 2.24.31 fixes the following issues : Security issues fixed : - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed : - Changes from version 2.24.31 : + Backport many file chooser entry fixes and cleanups. + Don't crash if invisible files are deleted. + Bugs fixed: bgo#555087, bgo#586367, bgo#635287, bgo#640698, bgo#648419, bgo#672271, bgo#679333, bgo#687196, bgo#703220 (CVE-2013-7447), bgo#720330, bgo#729927, bgo#737777, bgo#752707, bgo#756450, bgo#765120, bgo#765193, bgo#768163, bgo#764996, bgo#769126. GTK2 Engine and branding packages were rebuilt to match the updated gtk2 package (boo#999375).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93704
    published 2016-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93704
    title openSUSE Security Update : gtk2 (openSUSE-2016-1118)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-296.NASL
    description This update for eog fixes the following issues : - Update to version 3.14.5 (CVE-2013-7447 boo#966682) : + bgo#762028, >=eog-3.16 is affected by CVE-2013-7447. + Updated translations.
    last seen 2018-09-01
    modified 2016-10-13
    plugin id 89653
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89653
    title openSUSE Security Update : eog (openSUSE-2016-296)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2550-1.NASL
    description This update for gtk2 fixes the following issues : - CVE-2013-7447: Avoid an overflow when allocating a cairo pixbuf (bsc#966682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94270
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94270
    title SUSE SLED12 / SLES12 Security Update : gtk2 (SUSE-SU-2016:2550-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-419.NASL
    description Gtk+2.0, a graphical user interface library, was susceptible to an integer overflow in its gdk_cairo_set_source_pixbuf function when allocating a large block of memory. For Debian 6 'Squeeze', this issue has been fixed in gtk+2.0 version 2.20.1-2+deb6u1. We recommend you to upgrade your gtk+2.0 packages. Learn more about the Debian Long Term Support (LTS) Project and how to apply these updates at: https://wiki.debian.org/LTS/ NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 88810
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88810
    title Debian DLA-419-1 : gtk+2.0 security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1117.NASL
    description This gtk2 update to version 2.24.31 fixes the following issues : Security issues fixed : - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed : - Changes from version 2.24.31 : + Backport many file chooser entry fixes and cleanups. + Don't crash if invisible files are deleted. + Bugs fixed: bgo#555087, bgo#586367, bgo#635287, bgo#640698, bgo#648419, bgo#672271, bgo#679333, bgo#687196, bgo#703220 (CVE-2013-7447), bgo#720330, bgo#729927, bgo#737777, bgo#752707, bgo#756450, bgo#765120, bgo#765193, bgo#768163, bgo#764996, bgo#769126. - Changes from version 2.24.30 : + Win32: Build fixes. + X11: Support Randr 1.5 monitor information. + Bugs fixed: bgo#722815, bgo#612611, bgo#699652, bgo#698652, bgo#758893. + Updated translations. - Changes from version 2.24.29 : + OS X: Partial aspect ratio support. + Bugs fixed: bgo#345345, bgo#745127, bgo#749507, bgo#752638, bgo#753644, bgo#753691, bgo#753992, bgo#754046. + Updated translations. GTK2 Engine and branding packages were rebuilt to match the updated gtk2 package (boo#999375).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93703
    published 2016-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93703
    title openSUSE Security Update : gtk2 (openSUSE-2016-1117)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2898-2.NASL
    description It was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 88750
    published 2016-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88750
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eog vulnerability (USN-2898-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2898-1.NASL
    description It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 88749
    published 2016-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88749
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : gtk+2.0, gtk+3.0 vulnerability (USN-2898-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2532-1.NASL
    description This update for gtk2 fixes the following security issues : - CVE-2016-6352: Some crashes were fixed, including a out of bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 94268
    published 2016-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94268
    title SUSE SLES11 Security Update : gtk2 (SUSE-SU-2016:2532-1)
refmap via4
bid 83239
confirm
mlist
  • [oss-security] 20160209 CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0
  • [oss-security] 20160210 Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0
suse openSUSE-SU-2016:0647
ubuntu
  • USN-2898-1
  • USN-2898-2
Last major update 02-12-2016 - 22:00
Published 17-02-2016 - 10:59
Back to Top