PublicDateAtUSN: 2013-12-31
Candidate: CVE-2013-7447
PublicDate: 2016-02-17 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7447
 http://www.openwall.com/lists/oss-security/2016/02/10/2
 https://ubuntu.com/security/notices/USN-2898-1
 https://ubuntu.com/security/notices/USN-2898-2
Description:
 Integer overflow in the gdk_cairo_set_source_pixbuf function in
 gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog,
 gambas3, thunar, pinpoint, and possibly other applications, allows remote
 attackers to cause a denial of service (crash) via a large image file,
 which triggers a large memory allocation.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
 https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
 https://bugzilla.gnome.org/show_bug.cgi?id=703220
 https://github.com/mate-desktop/eom/issues/93
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_gtk+2.0:
upstream_gtk+2.0: needs-triage
precise_gtk+2.0: released (2.24.10-0ubuntu6.3)
precise/esm_gtk+2.0: DNE (precise was released [2.24.10-0ubuntu6.3])
trusty_gtk+2.0: released (2.24.23-0ubuntu1.4)
trusty/esm_gtk+2.0: DNE (trusty was released [2.24.23-0ubuntu1.4])
vivid/stable-phone-overlay_gtk+2.0: ignored (reached end-of-life)
vivid/ubuntu-core_gtk+2.0: DNE
wily_gtk+2.0: released (2.24.28-1ubuntu1.1)
xenial_gtk+2.0: not-affected (2.24.29-1ubuntu2)
esm-infra/xenial_gtk+2.0: not-affected (2.24.29-1ubuntu2)
yakkety_gtk+2.0: not-affected (2.24.29-1ubuntu2)
zesty_gtk+2.0: not-affected (2.24.29-1ubuntu2)
artful_gtk+2.0: not-affected (2.24.29-1ubuntu2)
bionic_gtk+2.0: not-affected (2.24.29-1ubuntu2)
cosmic_gtk+2.0: not-affected (2.24.29-1ubuntu2)
disco_gtk+2.0: not-affected (2.24.29-1ubuntu2)
eoan_gtk+2.0: not-affected (2.24.29-1ubuntu2)
focal_gtk+2.0: not-affected (2.24.29-1ubuntu2)
groovy_gtk+2.0: not-affected (2.24.29-1ubuntu2)
hirsute_gtk+2.0: not-affected (2.24.29-1ubuntu2)
impish_gtk+2.0: not-affected (2.24.29-1ubuntu2)
jammy_gtk+2.0: not-affected (2.24.29-1ubuntu2)
devel_gtk+2.0: not-affected (2.24.29-1ubuntu2)

Patches_gtk+3.0:
 upstream: https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
upstream_gtk+3.0: released (3.10.7-1)
precise_gtk+3.0: released (3.4.2-0ubuntu0.9)
precise/esm_gtk+3.0: DNE (precise was released [3.4.2-0ubuntu0.9])
trusty_gtk+3.0: not-affected (3.10.8-0ubuntu1.6)
trusty/esm_gtk+3.0: DNE (trusty was not-affected [3.10.8-0ubuntu1.6])
vivid/stable-phone-overlay_gtk+3.0: not-affected
vivid/ubuntu-core_gtk+3.0: DNE
wily_gtk+3.0: not-affected
xenial_gtk+3.0: not-affected
esm-infra/xenial_gtk+3.0: not-affected
yakkety_gtk+3.0: not-affected
zesty_gtk+3.0: not-affected
artful_gtk+3.0: not-affected
bionic_gtk+3.0: not-affected
cosmic_gtk+3.0: not-affected
disco_gtk+3.0: not-affected
eoan_gtk+3.0: not-affected
focal_gtk+3.0: not-affected
groovy_gtk+3.0: not-affected
hirsute_gtk+3.0: not-affected
impish_gtk+3.0: not-affected
jammy_gtk+3.0: not-affected
devel_gtk+3.0: not-affected

Patches_eom:
 upstream: https://github.com/mate-desktop/eom/commit/b7849cc5b6e7fd741ef04e334f586266a444ef8a
upstream_eom: needs-triage
precise_eom: DNE
precise/esm_eom: DNE
trusty_eom: DNE
trusty/esm_eom: DNE
vivid/stable-phone-overlay_eom: DNE
vivid/ubuntu-core_eom: DNE
wily_eom: ignored (reached end-of-life)
xenial_eom: not-affected
yakkety_eom: ignored (reached end-of-life)
zesty_eom: ignored (reached end-of-life)
artful_eom: ignored (reached end-of-life)
bionic_eom: not-affected
cosmic_eom: not-affected
disco_eom: not-affected
eoan_eom: not-affected
focal_eom: not-affected
groovy_eom: not-affected
hirsute_eom: not-affected
impish_eom: not-affected
jammy_eom: not-affected
devel_eom: not-affected

Patches_gambas3:
upstream_gambas3: needs-triage
precise_gambas3: DNE
precise/esm_gambas3: DNE
trusty_gambas3: ignored (reached end-of-life)
trusty/esm_gambas3: DNE (trusty was needed)
vivid/stable-phone-overlay_gambas3: DNE
vivid/ubuntu-core_gambas3: DNE
wily_gambas3: ignored (reached end-of-life)
xenial_gambas3: ignored (end of standard support, was needed)
yakkety_gambas3: ignored (reached end-of-life)
zesty_gambas3: ignored (reached end-of-life)
artful_gambas3: ignored (reached end-of-life)
bionic_gambas3: DNE
cosmic_gambas3: DNE
disco_gambas3: ignored (reached end-of-life)
eoan_gambas3: ignored (reached end-of-life)
focal_gambas3: needs-triage
groovy_gambas3: ignored (reached end-of-life)
hirsute_gambas3: ignored (reached end-of-life)
impish_gambas3: needs-triage
jammy_gambas3: needs-triage
devel_gambas3: needs-triage

Patches_thunar:
upstream_thunar: needs-triage
precise_thunar: ignored (reached end-of-life)
precise/esm_thunar: DNE (precise was needs-triage)
trusty_thunar: ignored (reached end-of-life)
trusty/esm_thunar: DNE (trusty was needed)
vivid/stable-phone-overlay_thunar: DNE
vivid/ubuntu-core_thunar: DNE
wily_thunar: ignored (reached end-of-life)
xenial_thunar: ignored (end of standard support, was needed)
yakkety_thunar: ignored (reached end-of-life)
zesty_thunar: ignored (reached end-of-life)
artful_thunar: ignored (reached end-of-life)
bionic_thunar: not-affected
cosmic_thunar: not-affected
disco_thunar: not-affected
eoan_thunar: not-affected
focal_thunar: not-affected
groovy_thunar: not-affected
hirsute_thunar: not-affected
impish_thunar: not-affected
jammy_thunar: not-affected
devel_thunar: not-affected

Patches_gnome-photos:
upstream_gnome-photos: needs-triage
precise_gnome-photos: DNE
precise/esm_gnome-photos: DNE
trusty_gnome-photos: ignored (reached end-of-life)
trusty/esm_gnome-photos: DNE (trusty was needed)
vivid/stable-phone-overlay_gnome-photos: DNE
vivid/ubuntu-core_gnome-photos: DNE
wily_gnome-photos: ignored (reached end-of-life)
xenial_gnome-photos: ignored (end of standard support, was needed)
yakkety_gnome-photos: ignored (reached end-of-life)
zesty_gnome-photos: ignored (reached end-of-life)
artful_gnome-photos: ignored (reached end-of-life)
bionic_gnome-photos: not-affected
cosmic_gnome-photos: not-affected
disco_gnome-photos: not-affected
eoan_gnome-photos: not-affected
focal_gnome-photos: not-affected
groovy_gnome-photos: not-affected
hirsute_gnome-photos: not-affected
impish_gnome-photos: not-affected
jammy_gnome-photos: not-affected
devel_gnome-photos: not-affected

Patches_pinpoint:
upstream_pinpoint: needs-triage
precise_pinpoint: ignored (reached end-of-life)
precise/esm_pinpoint: DNE (precise was needs-triage)
trusty_pinpoint: ignored (reached end-of-life)
trusty/esm_pinpoint: DNE (trusty was needed)
vivid/stable-phone-overlay_pinpoint: DNE
vivid/ubuntu-core_pinpoint: DNE
wily_pinpoint: ignored (reached end-of-life)
xenial_pinpoint: ignored (end of standard support, was needed)
yakkety_pinpoint: ignored (reached end-of-life)
zesty_pinpoint: ignored (reached end-of-life)
artful_pinpoint: ignored (reached end-of-life)
bionic_pinpoint: needed
cosmic_pinpoint: ignored (reached end-of-life)
disco_pinpoint: ignored (reached end-of-life)
eoan_pinpoint: ignored (reached end-of-life)
focal_pinpoint: needed
groovy_pinpoint: ignored (reached end-of-life)
hirsute_pinpoint: ignored (reached end-of-life)
impish_pinpoint: needed
jammy_pinpoint: needed
devel_pinpoint: needed

Patches_eog:
upstream_eog: needs-triage
precise_eog: released (3.4.2-0ubuntu1.2)
precise/esm_eog: DNE (precise was released [3.4.2-0ubuntu1.2])
trusty_eog: released (3.10.2-0ubuntu5.1)
trusty/esm_eog: DNE (trusty was released [3.10.2-0ubuntu5.1])
vivid/stable-phone-overlay_eog: DNE
vivid/ubuntu-core_eog: DNE
wily_eog: released (3.16.3-1ubuntu2.1)
xenial_eog: released (3.18.1-1ubuntu2)
esm-infra/xenial_eog: released (3.18.1-1ubuntu2)
yakkety_eog: released (3.18.1-1ubuntu2)
zesty_eog: released (3.18.1-1ubuntu2)
artful_eog: released (3.18.1-1ubuntu2)
bionic_eog: released (3.18.1-1ubuntu2)
cosmic_eog: released (3.18.1-1ubuntu2)
disco_eog: released (3.18.1-1ubuntu2)
eoan_eog: released (3.18.1-1ubuntu2)
focal_eog: released (3.18.1-1ubuntu2)
groovy_eog: released (3.18.1-1ubuntu2)
hirsute_eog: released (3.18.1-1ubuntu2)
impish_eog: released (3.18.1-1ubuntu2)
jammy_eog: released (3.18.1-1ubuntu2)
devel_eog: released (3.18.1-1ubuntu2)