CVE-2013-7447
Description
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
4.959
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| GTK+ graphical user interface library (USN-2898-1) libgtk-3-0_3.4.2-0ubuntu0.9_i386.deb | Linux |
| GTK+ graphical user interface library (USN-2898-1) libgtk-3-0_3.4.2-0ubuntu0.9_amd64.deb | Linux |
| GTK+ graphical user interface library (USN-2898-1) libgtk2.0-0_2.24.10-0ubuntu6.3_i386.deb | Linux |
| GTK+ graphical user interface library (USN-2898-1) libgtk2.0-0_2.24.10-0ubuntu6.3_amd64.deb | Linux |
| GTK+ graphical user interface library (USN-2898-1) libgtk2.0-0_2.24.23-0ubuntu1.4_i386.deb | Linux |
| GTK+ graphical user interface library (USN-2898-1) libgtk2.0-0_2.24.23-0ubuntu1.4_amd64.deb | Linux |
| GTK+ graphical user interface library (USN-2898-1) libgtk2.0-0_2.24.28-1ubuntu1.1_i386.deb | Linux |
| GTK+ graphical user interface library (USN-2898-1) libgtk2.0-0_2.24.28-1ubuntu1.1_amd64.deb | Linux |
| Eye of GNOME graphics viewer program (USN-2898-2) eog_3.4.2-0ubuntu1.2_i386.deb | Linux |
| Eye of GNOME graphics viewer program (USN-2898-2) eog_3.4.2-0ubuntu1.2_amd64.deb | Linux |
| Eye of GNOME graphics viewer program (USN-2898-2) eog_3.10.2-0ubuntu5.1_i386.deb | Linux |
| Eye of GNOME graphics viewer program (USN-2898-2) eog_3.10.2-0ubuntu5.1_amd64.deb | Linux |
| Eye of GNOME graphics viewer program (USN-2898-2) eog_3.16.3-1ubuntu2.1_i386.deb | Linux |
| Eye of GNOME graphics viewer program (USN-2898-2) eog_3.16.3-1ubuntu2.1_amd64.deb | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) gtk2-debugsource-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) gtk2-lang-2.24.24-3.1.noarch.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) gtk2-tools-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) gtk2-tools-32bit-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) gtk2-tools-debuginfo-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) gtk2-tools-debuginfo-32bit-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgtk-2_0-0-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgtk-2_0-0-32bit-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgtk-2_0-0-debuginfo-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgtk-2_0-0-debuginfo-32bit-2.24.24-3.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2550-1(SUSE Linux Enterprise Desktop 12-SP1 ) typelib-1_0-Gtk-2_0-2.24.24-3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234