PT-2013-6305 · Gtk+ Team +3 · Gtk+ +3

Published: 2013-12-31 · Updated: 2024-06-15 · CVE-2013-7447

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GTK+ versions prior to 3.9.8

Description

The issue is an integer overflow in the `gdk_cairo_set_source_pixbuf` function, which can be triggered by a large image file. The overflow leads to a large memory allocation, causing a denial of service (crash). The problem affects various applications that use GTK+, including eom, gnome-photos, eog, gambas3, thunar, and pinpoint.

Recommendations

For GTK+ versions prior to 3.9.8, update to version 3.9.8 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific problem.

Related Identifiers

ALT-PU-2016-1103
ALT-PU-2016-1114
ALT-PU-2016-1247
ALT-PU-2016-1964
CVE-2013-7447
DLA-419-1
MGASA-2016-0069
MGASA-2016-0070
MGASA-2016-0071
MGASA-2016-0073
MGASA-2016-0074
MGASA-2016-0075
MGASA-2016-0076
OPENSUSE-SU-2024:10170-1
OPENSUSE-SU-2024:10522-1
OPENSUSE-SU-2024:10908-1
SUSE-SU-2016:2532-1
SUSE-SU-2016:2550-1
SUSE-SU-2016_2532-1
SUSE-SU-2016_2550-1
USN-2898-1
USN-2898-2

Affected Products

Alt Linux
Gtk+
Suse
Ubuntu