CVE-2013-7447

NameCVE-2013-7447
DescriptionInteger overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-419-1
NVD severitymedium (attack range: remote)
Debian Bugs799275, 818090

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gtk+2.0 (PTS)wheezy2.24.10-2vulnerable
jessie2.24.25-3+deb8u1fixed
buster, sid, stretch2.24.31-2fixed
gtk+3.0 (PTS)wheezy3.4.2-7+deb7u1fixed
jessie3.14.5-1+deb8u1fixed
stretch3.22.11-1fixed
buster3.22.12-1fixed
sid3.22.16-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gtk+2.0source(unstable)2.24.30-1.1medium799275
gtk+2.0sourcejessie2.24.25-3+deb8u1medium
gtk+2.0sourcesqueeze2.20.1-2+deb6u1mediumDLA-419-1
gtk+3.0source(unstable)3.10.7-1medium818090
gtk+3.0sourcewheezy3.4.2-7+deb7u1medium

Notes

[wheezy] - gtk+2.0 <no-dsa> (Minor issue; can be fixed via wheezy-pu)
https://bugzilla.gnome.org/show_bug.cgi?id=703220
Fixed by: https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6

Search for package or bug name: Reporting problems