Vulnerabilities > CVE-2007-0010 - Unspecified vulnerability in Gnome GTK

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
gnome
nessus
exploit available

Summary

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

Vulnerable Configurations

Part Description Count
Application
Gnome
99

Exploit-Db

descriptionGTK2 GDKPixBufLoader Remote Denial of Service Vulnerability. CVE-2007-0010 . Dos exploit for linux platform
idEDB-ID:29520
last seen2016-02-03
modified2007-01-24
published2007-01-24
reporterLubomir Kundrak
sourcehttps://www.exploit-db.com/download/29520/
titleGTK2 GDKPixBufLoader - Remote Denial of Service Vulnerability

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0019.NASL
    descriptionUpdated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24287
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24287
    titleCentOS 4 : gtk2 (CESA-2007:0019)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0019 and 
    # CentOS Errata and Security Advisory 2007:0019 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24287);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2007-0010");
      script_xref(name:"RHSA", value:"2007:0019");
    
      script_name(english:"CentOS 4 : gtk2 (CESA-2007:0019)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gtk2 packages that fix a security issue are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The gtk2 package contains the GIMP ToolKit (GTK+), a library for
    creating graphical user interfaces for the X Window System.
    
    A bug was found in the way the gtk2 GdkPixbufLoader() function
    processed invalid input. Applications linked against gtk2 could crash
    if they loaded a malformed image file. (CVE-2007-0010)
    
    Users of gtk2 are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-January/013481.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?820dd991"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-January/013483.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2f6d284a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-January/013484.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?910a6e35"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gtk2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gtk2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gtk2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"gtk2-2.4.13-22")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"gtk2-devel-2.4.13-22")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gtk2 / gtk2-devel");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1256.NASL
    descriptionIt was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id24295
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24295
    titleDebian DSA-1256-1 : gtk+2.0 - programming error
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1256. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24295);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-0010");
      script_xref(name:"DSA", value:"1256");
    
      script_name(english:"Debian DSA-1256-1 : gtk+2.0 - programming error");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the image loading code in the GTK+ graphical
    user interface library performs insufficient error handling when
    loading malformed images, which may lead to denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2007/dsa-1256"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the GTK packages.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.6.4-3.2. This update lacks builds for the Motorola 680x0
    architecture, which had build problems. Packages will be released once
    this problem has been resolved.
    
    For the upcoming stable distribution (etch) this problem has been
    fixed in version 2.8.20-5."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gtk+2.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"gtk2-engines-pixbuf", reference:"2.6.4-3.2")) flag++;
    if (deb_check(release:"3.1", prefix:"gtk2.0-examples", reference:"2.6.4-3.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libgtk2.0-0", reference:"2.6.4-3.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libgtk2.0-0-dbg", reference:"2.6.4-3.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libgtk2.0-bin", reference:"2.6.4-3.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libgtk2.0-common", reference:"2.6.4-3.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libgtk2.0-dev", reference:"2.6.4-3.2")) flag++;
    if (deb_check(release:"3.1", prefix:"libgtk2.0-doc", reference:"2.6.4-3.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GTK2-2497.NASL
    descriptionA denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or simiar. (CVE-2007-0010)
    last seen2020-06-01
    modified2020-06-02
    plugin id29453
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29453
    titleSuSE 10 Security Update : gtk2 (ZYPP Patch Number 2497)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29453);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-0010");
    
      script_name(english:"SuSE 10 Security Update : gtk2 (ZYPP Patch Number 2497)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A denial of service (crash) condition was fixed in the image handling
    routines of GTK+. This could be triggered for instance by viewing HTML
    emails or simiar. (CVE-2007-0010)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0010.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2497.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"gtk2-2.8.10-39.22")) flag++;
    if (rpm_check(release:"SLED10", sp:0, reference:"gtk2-devel-2.8.10-39.22")) flag++;
    if (rpm_check(release:"SLED10", sp:0, reference:"gtk2-doc-2.8.10-39.22")) flag++;
    if (rpm_check(release:"SLED10", sp:0, cpu:"x86_64", reference:"gtk2-32bit-2.8.10-39.22")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"gtk2-2.8.10-39.22")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"gtk2-devel-2.8.10-39.22")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"gtk2-doc-2.8.10-39.22")) flag++;
    if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"gtk2-32bit-2.8.10-39.22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11400.NASL
    descriptionA denial of service (crash) condition was fixed in the image handling routines of GTK+. This could be triggered for instance by viewing HTML emails or similar. (CVE-2007-0010)
    last seen2020-06-01
    modified2020-06-02
    plugin id41113
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41113
    titleSuSE9 Security Update : gtk2 (YOU Patch Number 11400)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41113);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-0010");
    
      script_name(english:"SuSE9 Security Update : gtk2 (YOU Patch Number 11400)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A denial of service (crash) condition was fixed in the image handling
    routines of GTK+. This could be triggered for instance by viewing HTML
    emails or similar. (CVE-2007-0010)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0010.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11400.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"gtk2-2.2.4-125.17")) flag++;
    if (rpm_check(release:"SUSE9", reference:"gtk2-devel-2.2.4-125.17")) flag++;
    if (rpm_check(release:"SUSE9", reference:"gtk2-doc-2.2.4-125.17")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"gtk2-32bit-9-200701181719")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0019.NASL
    descriptionFrom Red Hat Security Advisory 2007:0019 : Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67441
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67441
    titleOracle Linux 4 : gtk2 (ELSA-2007-0019)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:0019 and 
    # Oracle Linux Security Advisory ELSA-2007-0019 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67441);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2007-0010");
      script_xref(name:"RHSA", value:"2007:0019");
    
      script_name(english:"Oracle Linux 4 : gtk2 (ELSA-2007-0019)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:0019 :
    
    Updated gtk2 packages that fix a security issue are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The gtk2 package contains the GIMP ToolKit (GTK+), a library for
    creating graphical user interfaces for the X Window System.
    
    A bug was found in the way the gtk2 GdkPixbufLoader() function
    processed invalid input. Applications linked against gtk2 could crash
    if they loaded a malformed image file. (CVE-2007-0010)
    
    Users of gtk2 are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-January/000042.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gtk2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gtk2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gtk2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"gtk2-2.4.13-22")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"gtk2-2.4.13-22")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"gtk2-devel-2.4.13-22")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"gtk2-devel-2.4.13-22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gtk2 / gtk2-devel");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-039.NASL
    descriptionThe GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. (CVE-2007-0010) The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails various portions of the lsb-test-desktop test suite, part of LSB 3.1 certification testing. The updated packages also address the following issues : The Home and Desktop entries in the GTK File Chooser are not always visible (#26644). GTK+-based applications (which includes all the Mandriva Linux configuration tools, for example) crash (instead of falling back to the default theme) when an invalid icon theme is selected. (#27013) Additional patches from GNOME CVS have been included to address the following issues from the GNOME bugzilla : - 357132 &#9;&#9;&#9;&#9;- fix RGBA colormap issue - 359537,357280,359052 &#9;&#9;- fix various printer bugs - 357566,353736,357050,363437,379503 - fix various crashes - 372527&#9;&#9;&#9;&#9;- fix fileselector bug + potential deadlock
    last seen2020-06-01
    modified2020-06-02
    plugin id24652
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24652
    titleMandrake Linux Security Advisory : gtk+2.0 (MDKSA-2007:039)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GTK2-2499.NASL
    descriptionA bug in gdk-pixbuf could crash applications such as Evolution when trying to display certain images (CVE-2007-0010) Additionally a bug in the printer dialog prevent the correct display of all connected printers.
    last seen2020-06-01
    modified2020-06-02
    plugin id27254
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27254
    titleopenSUSE 10 Security Update : gtk2 (gtk2-2499)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-415-1.NASL
    descriptionA flaw was discovered in the error handling of GTK
    last seen2020-06-01
    modified2020-06-02
    plugin id28004
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28004
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : gtk+2.0 vulnerability (USN-415-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0019.NASL
    descriptionUpdated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file. (CVE-2007-0010) Users of gtk2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24259
    published2007-01-26
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24259
    titleRHEL 4 : gtk2 (RHSA-2007:0019)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GTK2-2498.NASL
    descriptionA bug in gdk-pixbuf could crash applications such as Evolution when trying to display certain images (CVE-2007-0010)
    last seen2020-06-01
    modified2020-06-02
    plugin id27253
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27253
    titleopenSUSE 10 Security Update : gtk2 (gtk2-2498)

Oval

accepted2013-04-29T04:04:40.636-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionThe GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
familyunix
idoval:org.mitre.oval:def:10325
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
version26

Redhat

advisories
bugzilla
id218932
titleCVE-2007-0010 GdbPixbufLoader fails to handle invalid input from Evolution correctly
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentgtk2 is earlier than 0:2.4.13-22
          ovaloval:com.redhat.rhsa:tst:20070019001
        • commentgtk2 is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070019002
      • AND
        • commentgtk2-devel is earlier than 0:2.4.13-22
          ovaloval:com.redhat.rhsa:tst:20070019003
        • commentgtk2-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070019004
rhsa
idRHSA-2007:0019
released2007-01-24
severityModerate
titleRHSA-2007:0019: gtk2 security update (Moderate)
rpms
  • gtk2-0:2.4.13-22
  • gtk2-debuginfo-0:2.4.13-22
  • gtk2-devel-0:2.4.13-22

Statements

contributorMark J Cox
lastmodified2007-03-14
organizationRed Hat
statementRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.