CVE-2013-7447

NameCVE-2013-7447
DescriptionInteger overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-419-1
Debian Bugs799275, 818090

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gtk+2.0 (PTS)buster2.24.32-3fixed
bookworm, bullseye2.24.33-2fixed
trixie2.24.33-3fixed
sid2.24.33-4fixed
gtk+3.0 (PTS)buster3.24.5-1fixed
bullseye3.24.24-4+deb11u3fixed
bookworm3.24.38-2~deb12u1fixed
trixie3.24.41-1fixed
sid3.24.41-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gtk+2.0sourcesqueeze2.20.1-2+deb6u1DLA-419-1
gtk+2.0sourcejessie2.24.25-3+deb8u1
gtk+2.0source(unstable)2.24.30-1.1799275
gtk+3.0sourcewheezy3.4.2-7+deb7u1
gtk+3.0source(unstable)3.10.7-1818090

Notes

[wheezy] - gtk+2.0 <no-dsa> (Minor issue; can be fixed via wheezy-pu)
https://bugzilla.gnome.org/show_bug.cgi?id=703220
Fixed by: https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6

Search for package or bug name: Reporting problems