Description: Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

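| Source Package | Release | Version | Status |
|---|---|---|---|
| gdk-pixbuf (PTS) | buster | 2.38.1+dfsg-1 | fixed |
| gdk-pixbuf (PTS) | bullseye (security), bullseye | 2.42.2+dfsg-1+deb11u1 | fixed |
| gdk-pixbuf (PTS) | sid, trixie, bookworm | 2.42.10+dfsg-1 | fixed |
| gtk+2.0 (PTS) | buster | 2.24.32-3 | fixed |
| gtk+2.0 (PTS) | sid, trixie, bookworm, bullseye | 2.24.33-2 | fixed |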

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|


The description is wrong; 2.6 is affected as well
