Vulnerabilities > CVE-2013-7447

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
canonical
samsung
nessus
NVD
Published: 2016-02-17
Updated: 2016-12-03

Summary

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

Vulnerable Configurations

Part Description Count
OS
Canonical
3
OS
Samsung
1

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-254-02.NASL
    descriptionNew gtk+2 packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id93412
    published2016-09-12
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93412
    titleSlackware 14.1 / 14.2 / current : gtk+2 (SSA:2016-254-02)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2016-254-02. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93412);
  script_version("$Revision: 2.2 $");
  script_cvs_date("$Date: 2016/10/19 14:37:27 $");

  script_cve_id("CVE-2013-7447");
  script_xref(name:"SSA", value:"2016-254-02");

  script_name(english:"Slackware 14.1 / 14.2 / current : gtk+2 (SSA:2016-254-02)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New gtk+2 packages are available for Slackware 14.1, 14.2, and
-current to fix a security issue."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.391438
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?65925cf0"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gtk+2 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gtk+2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"14.1", pkgname:"gtk+2", pkgver:"2.24.20", pkgarch:"i486", pkgnum:"2_slack14.1")) flag++;
if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"gtk+2", pkgver:"2.24.20", pkgarch:"x86_64", pkgnum:"2_slack14.1")) flag++;

if (slackware_check(osver:"14.2", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;

if (slackware_check(osver:"current", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"i586", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"x86_64", pkgnum:"1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2898-2.NASL
    descriptionIt was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88750
    published2016-02-16
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88750
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : eog vulnerability (USN-2898-2)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2898-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(88750);
  script_version("2.10");
  script_cvs_date("Date: 2019/09/18 12:31:45");

  script_cve_id("CVE-2013-7447");
  script_xref(name:"USN", value:"2898-2");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eog vulnerability (USN-2898-2)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that Eye of GNOME incorrectly handled certain large
images. If a user were tricked into opening a specially crafted image,
a remote attacker could use this issue to cause Eye of GNOME to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2898-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected eog package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:eog");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/16");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"eog", pkgver:"3.4.2-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"eog", pkgver:"3.10.2-0ubuntu5.1")) flag++;
if (ubuntu_check(osver:"15.10", pkgname:"eog", pkgver:"3.16.3-1ubuntu2.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "eog");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2550-1.NASL
    descriptionThis update for gtk2 fixes the following issues : - CVE-2013-7447: Avoid an overflow when allocating a cairo pixbuf (bsc#966682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id94270
    published2016-10-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94270
    titleSUSE SLED12 / SLES12 Security Update : gtk2 (SUSE-SU-2016:2550-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2898-1.NASL
    descriptionIt was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88749
    published2016-02-16
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88749
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : gtk+2.0, gtk+3.0 vulnerability (USN-2898-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-296.NASL
    descriptionThis update for eog fixes the following issues : - Update to version 3.14.5 (CVE-2013-7447 boo#966682) : + bgo#762028, >=eog-3.16 is affected by CVE-2013-7447. + Updated translations.
    last seen2020-06-05
    modified2016-03-04
    plugin id89653
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89653
    titleopenSUSE Security Update : eog (openSUSE-2016-296)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-330BFC0338.NASL
    description# Bugs fixed: * 762027 print-preview: Fix possible integer overflow flaw (CVE-2013-7447) # Updated translations: * Gaelic (Scottish) * Portuguese Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-22
    plugin id90072
    published2016-03-22
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90072
    titleFedora 23 : gnome-photos-3.18.3-1.fc23 (2016-330bfc0338)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2532-1.NASL
    descriptionThis update for gtk2 fixes the following security issues : - CVE-2016-6352: Some crashes were fixed, including a out of bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id94268
    published2016-10-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94268
    titleSUSE SLES11 Security Update : gtk2 (SUSE-SU-2016:2532-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1117.NASL
    descriptionThis gtk2 update to version 2.24.31 fixes the following issues : Security issues fixed : - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed : - Changes from version 2.24.31 : + Backport many file chooser entry fixes and cleanups. + Don
    last seen2020-06-05
    modified2016-09-26
    plugin id93703
    published2016-09-26
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93703
    titleopenSUSE Security Update : gtk2 (openSUSE-2016-1117)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1118.NASL
    descriptionThis gtk2 update to version 2.24.31 fixes the following issues : Security issues fixed : - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed : - Changes from version 2.24.31 : + Backport many file chooser entry fixes and cleanups. + Don
    last seen2020-06-05
    modified2016-09-26
    plugin id93704
    published2016-09-26
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93704
    titleopenSUSE Security Update : gtk2 (openSUSE-2016-1118)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-419.NASL
    descriptionGtk+2.0, a graphical user interface library, was susceptible to an integer overflow in its gdk_cairo_set_source_pixbuf function when allocating a large block of memory. For Debian 6
    last seen2020-03-17
    modified2016-02-18
    plugin id88810
    published2016-02-18
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88810
    titleDebian DLA-419-1 : gtk+2.0 security update

References