Vulnerabilities > CVE-2007-0010 - Unspecified vulnerability in Gnome GTK
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
Vulnerable Configurations
Exploit-Db
| description | GTK2 GDKPixBufLoader Remote Denial of Service Vulnerability. CVE-2007-0010 . Dos exploit for linux platform |
| id | EDB-ID:29520 |
| last seen | 2016-02-03 |
| modified | 2007-01-24 |
| published | 2007-01-24 |
| reporter | Lubomir Kundrak |
| source | https://www.exploit-db.com/download/29520/ |
| title | GTK2 GDKPixBufLoader - Remote Denial of Service Vulnerability |
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0019.NASL description Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24287 published 2007-02-09 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24287 title CentOS 4 : gtk2 (CESA-2007:0019) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0019 and # CentOS Errata and Security Advisory 2007:0019 respectively. # include("compat.inc"); if (description) { script_id(24287); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2007-0010"); script_xref(name:"RHSA", value:"2007:0019"); script_name(english:"CentOS 4 : gtk2 (CESA-2007:0019)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2007-January/013481.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?820dd991" ); # https://lists.centos.org/pipermail/centos-announce/2007-January/013483.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2f6d284a" ); # https://lists.centos.org/pipermail/centos-announce/2007-January/013484.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?910a6e35" ); script_set_attribute(attribute:"solution", value:"Update the affected gtk2 packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gtk2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gtk2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/24"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"gtk2-2.4.13-22")) flag++; if (rpm_check(release:"CentOS-4", reference:"gtk2-devel-2.4.13-22")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gtk2 / gtk2-devel"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1256.NASL description It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 24295 published 2007-02-09 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24295 title Debian DSA-1256-1 : gtk+2.0 - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1256. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(24295); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-0010"); script_xref(name:"DSA", value:"1256"); script_name(english:"Debian DSA-1256-1 : gtk+2.0 - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2007/dsa-1256" ); script_set_attribute( attribute:"solution", value: "Upgrade the GTK packages. For the stable distribution (sarge) this problem has been fixed in version 2.6.4-3.2. This update lacks builds for the Motorola 680x0 architecture, which had build problems. Packages will be released once this problem has been resolved. For the upcoming stable distribution (etch) this problem has been fixed in version 2.8.20-5." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gtk+2.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"gtk2-engines-pixbuf", reference:"2.6.4-3.2")) flag++; if (deb_check(release:"3.1", prefix:"gtk2.0-examples", reference:"2.6.4-3.2")) flag++; if (deb_check(release:"3.1", prefix:"libgtk2.0-0", reference:"2.6.4-3.2")) flag++; if (deb_check(release:"3.1", prefix:"libgtk2.0-0-dbg", reference:"2.6.4-3.2")) flag++; if (deb_check(release:"3.1", prefix:"libgtk2.0-bin", reference:"2.6.4-3.2")) flag++; if (deb_check(release:"3.1", prefix:"libgtk2.0-common", reference:"2.6.4-3.2")) flag++; if (deb_check(release:"3.1", prefix:"libgtk2.0-dev", reference:"2.6.4-3.2")) flag++; if (deb_check(release:"3.1", prefix:"libgtk2.0-doc", reference:"2.6.4-3.2")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_GTK2-2497.NASL description A denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or simiar. (CVE-2007-0010) last seen 2020-06-01 modified 2020-06-02 plugin id 29453 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29453 title SuSE 10 Security Update : gtk2 (ZYPP Patch Number 2497) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29453); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-0010"); script_name(english:"SuSE 10 Security Update : gtk2 (ZYPP Patch Number 2497)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or simiar. (CVE-2007-0010)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0010.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2497."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"gtk2-2.8.10-39.22")) flag++; if (rpm_check(release:"SLED10", sp:0, reference:"gtk2-devel-2.8.10-39.22")) flag++; if (rpm_check(release:"SLED10", sp:0, reference:"gtk2-doc-2.8.10-39.22")) flag++; if (rpm_check(release:"SLED10", sp:0, cpu:"x86_64", reference:"gtk2-32bit-2.8.10-39.22")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"gtk2-2.8.10-39.22")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"gtk2-devel-2.8.10-39.22")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"gtk2-doc-2.8.10-39.22")) flag++; if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"gtk2-32bit-2.8.10-39.22")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE9_11400.NASL description A denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or similar. (CVE-2007-0010) last seen 2020-06-01 modified 2020-06-02 plugin id 41113 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41113 title SuSE9 Security Update : gtk2 (YOU Patch Number 11400) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41113); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-0010"); script_name(english:"SuSE9 Security Update : gtk2 (YOU Patch Number 11400)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or similar. (CVE-2007-0010)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0010.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11400."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"gtk2-2.2.4-125.17")) flag++; if (rpm_check(release:"SUSE9", reference:"gtk2-devel-2.2.4-125.17")) flag++; if (rpm_check(release:"SUSE9", reference:"gtk2-doc-2.2.4-125.17")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"gtk2-32bit-9-200701181719")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else exit(0, "The host is not affected.");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0019.NASL description From Red Hat Security Advisory 2007:0019 : Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67441 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67441 title Oracle Linux 4 : gtk2 (ELSA-2007-0019) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0019 and # Oracle Linux Security Advisory ELSA-2007-0019 respectively. # include("compat.inc"); if (description) { script_id(67441); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:06"); script_cve_id("CVE-2007-0010"); script_xref(name:"RHSA", value:"2007:0019"); script_name(english:"Oracle Linux 4 : gtk2 (ELSA-2007-0019)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:0019 : Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-January/000042.html" ); script_set_attribute(attribute:"solution", value:"Update the affected gtk2 packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gtk2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gtk2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/24"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL4", cpu:"i386", reference:"gtk2-2.4.13-22")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"gtk2-2.4.13-22")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"gtk2-devel-2.4.13-22")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"gtk2-devel-2.4.13-22")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gtk2 / gtk2-devel"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-039.NASL description The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. (CVE-2007-0010) The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails various portions of the lsb-test-desktop test suite, part of LSB 3.1 certification testing. The updated packages also address the following issues : The Home and Desktop entries in the GTK File Chooser are not always visible (#26644). GTK+-based applications (which includes all the Mandriva Linux configuration tools, for example) crash (instead of falling back to the default theme) when an invalid icon theme is selected. (#27013) Additional patches from GNOME CVS have been included to address the following issues from the GNOME bugzilla : - 357132 				- fix RGBA colormap issue - 359537,357280,359052 		- fix various printer bugs - 357566,353736,357050,363437,379503 - fix various crashes - 372527				- fix fileselector bug + potential deadlock last seen 2020-06-01 modified 2020-06-02 plugin id 24652 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24652 title Mandrake Linux Security Advisory : gtk+2.0 (MDKSA-2007:039) NASL family SuSE Local Security Checks NASL id SUSE_GTK2-2499.NASL description A bug in gdk-pixbuf could crash applications such as Evolution when trying to display certain images (CVE-2007-0010) Additionally a bug in the printer dialog prevent the correct display of all connected printers. last seen 2020-06-01 modified 2020-06-02 plugin id 27254 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27254 title openSUSE 10 Security Update : gtk2 (gtk2-2499) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-415-1.NASL description A flaw was discovered in the error handling of GTK last seen 2020-06-01 modified 2020-06-02 plugin id 28004 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28004 title Ubuntu 5.10 / 6.06 LTS / 6.10 : gtk+2.0 vulnerability (USN-415-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0019.NASL description Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24259 published 2007-01-26 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24259 title RHEL 4 : gtk2 (RHSA-2007:0019) NASL family SuSE Local Security Checks NASL id SUSE_GTK2-2498.NASL description A bug in gdk-pixbuf could crash applications such as Evolution when trying to display certain images (CVE-2007-0010) last seen 2020-06-01 modified 2020-06-02 plugin id 27253 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27253 title openSUSE 10 Security Update : gtk2 (gtk2-2498)
Oval
| accepted | 2013-04-29T04:04:40.636-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10325 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932
- http://www.redhat.com/support/errata/RHSA-2007-0019.html
- https://issues.rpath.com/browse/RPL-984
- http://www.novell.com/linux/security/advisories/2007_02_sr.html
- http://www.ubuntu.com/usn/usn-415-1
- http://www.securityfocus.com/bid/22209
- http://securitytracker.com/id?1017552
- http://secunia.com/advisories/23884
- http://secunia.com/advisories/23933
- http://secunia.com/advisories/23935
- http://secunia.com/advisories/24010
- http://secunia.com/advisories/24006
- http://secunia.com/advisories/24095
- http://secunia.com/advisories/23984
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:039
- http://osvdb.org/31621
- http://www.vupen.com/english/advisories/2007/0331
- https://www.debian.org/security/2007/dsa-1256
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10325