Vulnerabilities > CVE-2013-7447 - Integer Overflow vulnerability in GTK+

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
canonical
gtk
nessus

Summary

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation. Weakness class: CWE-190: Integer Overflow or Wraparound (http://cwe.mitre.org/data/definitions/190.html).

Vulnerable Configurations

Part Description Count
OS
Canonical
3
Application
Gtk
1

Nessus

  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2016-254-02.NASL
    description: New gtk+2 packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93412
    published: 2016-09-12
    reporter: This script is Copyright (C) 2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/93412
    title: Slackware 14.1 / 14.2 / current : gtk+2 (SSA:2016-254-02)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2016-254-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase. When the plugin is loaded with `description` set,
    # only the metadata below is recorded; the exit(0) at the end of this block
    # leaves before any package check runs against a target.
    if (description)
    {
      script_id(93412);
      script_version("$Revision: 2.2 $");
      script_cvs_date("$Date: 2016/10/19 14:37:27 $");
    
      # Cross-references: the CVE covered by this check and the Slackware
      # security advisory (SSA) it was derived from.
      script_cve_id("CVE-2013-7447");
      script_xref(name:"SSA", value:"2016-254-02");
    
      script_name(english:"Slackware 14.1 / 14.2 / current : gtk+2 (SSA:2016-254-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New gtk+2 packages are available for Slackware 14.1, 14.2, and
    -current to fix a security issue."
      );
      # NOTE(review): the URL in the next comment appears to be the expanded
      # form of the shortened see_also link below - confirm before relying on it.
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.391438
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?65925cf0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gtk+2 package.");
      # Both vectors score availability impact only (C:N, I:N). The v3 vector
      # additionally records that user interaction is required (UI:R) and rates
      # the availability impact as high (A:H) where v2 rates it partial (A:P).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
    
      # "local": per the summary above, the check reads the installed-package
      # records; nothing in this script probes a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE entries: the gtk+2 package plus Slackware in general and the 14.1
      # and 14.2 releases specifically.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gtk+2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      # Presumably ssh_get_info.nasl is what populates the Host/* knowledge-base
      # entries required below - it is not shown here, confirm.
      script_dependencies("ssh_get_info.nasl");
      # "Host/cpu" is read in the check phase but is not listed here; the check
      # phase tests it with isnull() itself.
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      # End of registration: nothing after this block runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    # Preconditions for the check phase. Each test reads a knowledge-base (KB)
    # entry and calls audit() with a reason code when it is absent; audit() comes
    # from audit.inc and presumably ends the script - confirm against that file.
    # None of these outcomes says anything about whether gtk+2 is patched; they
    # mean the host could not be evaluated.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architecture gate: proceed only when the CPU string contains "x86_64" or
    # matches i386 through i686. Any other architecture is audited as "local
    # checks not implemented", so such hosts are a coverage gap rather than a
    # clean result.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    # Package comparison and reporting.
    # `flag` counts how many slackware_check() calls report a hit. The helper is
    # defined in slackware.inc (not shown); presumably it returns true when the
    # installed gtk+2 package for that release/architecture is older than the
    # given pkgver/pkgnum - confirm there. Every call is made unconditionally,
    # presumably so slackware_report_get() can list each finding.
    # NOTE(review): only the gtk+2 package is examined, and only through package
    # records; nothing here looks at other GTK+ packages or at whether running
    # applications were restarted after the update.
    flag = 0;
    # Slackware 14.1: 2.24.20 build 2_slack14.1, 32-bit (i486) and 64-bit.
    if (slackware_check(osver:"14.1", pkgname:"gtk+2", pkgver:"2.24.20", pkgarch:"i486", pkgnum:"2_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"gtk+2", pkgver:"2.24.20", pkgarch:"x86_64", pkgnum:"2_slack14.1")) flag++;
    
    # Slackware 14.2: 2.24.31 build 1_slack14.2, 32-bit (i586) and 64-bit.
    if (slackware_check(osver:"14.2", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    # Slackware -current: 2.24.31 build 1, 32-bit (i586) and 64-bit.
    if (slackware_check(osver:"current", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"gtk+2", pkgver:"2.24.31", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    # At least one hit: raise a warning-level finding on port 0, attaching the
    # package report only when report_verbosity is above 0. No hit: audit the
    # host as not affected.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2898-2.NASL
    description: It was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 88750
    published: 2016-02-16
    reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88750
    title: Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eog vulnerability (USN-2898-2)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2898-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase. When the plugin is loaded with `description` set,
    # only the metadata below is recorded; the exit(0) at the end of this block
    # leaves before any package check runs against a target.
    if (description)
    {
      script_id(88750);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      # Cross-references: the CVE covered by this check and the Ubuntu Security
      # Notice (USN) it was derived from.
      script_cve_id("CVE-2013-7447");
      script_xref(name:"USN", value:"2898-2");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eog vulnerability (USN-2898-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      # NOTE(review): the advisory text below mentions possible arbitrary code
      # execution, while the CVSS vectors set further down score availability
      # impact only (C:N, I:N). Keep that difference in mind when prioritising.
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Eye of GNOME incorrectly handled certain large
    images. If a user were tricked into opening a specially crafted image,
    a remote attacker could use this issue to cause Eye of GNOME to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2898-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected eog package.");
      # Base vectors: v2 rates a partial availability impact (A:P); v3 records
      # that user interaction is required (UI:R) and rates availability impact
      # high (A:H). Temporal vectors mark exploitability as unproven (E:U) with
      # an official fix available, matching the two exploit attributes below.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": per the summary above, the check reads dpkg output; nothing in
      # this script probes a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE entries: the eog package and the three Ubuntu releases covered.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:eog");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      # As recorded here, the vulnerability publication date (2016/02/17) is
      # later than the patch publication date (2016/02/15).
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Presumably ssh_get_info.nasl is what populates the Host/* knowledge-base
      # entries required below - it is not shown here, confirm.
      script_dependencies("ssh_get_info.nasl");
      # "Host/local_checks_enabled" is tested in the check phase but is not
      # listed among the required keys here.
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      # End of registration: nothing after this block runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Preconditions for the check phase. Each test reads a knowledge-base (KB)
    # entry and calls audit() with a reason code when the host cannot be
    # evaluated; audit() comes from audit.inc and presumably ends the script -
    # confirm against that file.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Only releases matching exactly 12.04, 14.04 or 15.10 continue. Any other
    # Ubuntu release is audited as "not this OS", which means it was not
    # evaluated, not that it is unaffected.
    if (! preg(pattern:"^(12\.04|14\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: proceed only when the CPU string contains "x86_64" or
    # matches i386 through i686; other architectures are audited as "local
    # checks not implemented" and are therefore a coverage gap.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Package comparison and reporting.
    # `flag` counts how many ubuntu_check() calls report a hit. The helper is
    # defined in ubuntu.inc (not shown); presumably it returns true when the
    # installed eog package on that release is older than pkgver - confirm there.
    # NOTE(review): only the eog package is examined. The GTK+ library packages
    # are the subject of a separate advisory (USN-2898-1, listed on this page),
    # so a clean result here does not cover them. The check is also based on
    # package records only; nothing here looks at running processes.
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"eog", pkgver:"3.4.2-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"eog", pkgver:"3.10.2-0ubuntu5.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"eog", pkgver:"3.16.3-1ubuntu2.1")) flag++;
    
    # At least one hit: raise a warning-severity finding on port 0 with the
    # package report attached.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: distinguish "eog was compared and found not affected" from
      # "eog was never compared", based on whether ubuntu_pkg_tests_get()
      # returns anything. The second outcome is audited as package not installed.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "eog");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2550-1.NASL
    description: This update for gtk2 fixes the following issues : - CVE-2013-7447: Avoid an overflow when allocating a cairo pixbuf (bsc#966682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94270
    published: 2016-10-26
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94270
    title: SUSE SLED12 / SLES12 Security Update : gtk2 (SUSE-SU-2016:2550-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2898-1.NASL
    description: It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 88749
    published: 2016-02-16
    reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88749
    title: Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : gtk+2.0, gtk+3.0 vulnerability (USN-2898-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-296.NASL
    description: This update for eog fixes the following issues : - Update to version 3.14.5 (CVE-2013-7447 boo#966682) : + bgo#762028, >=eog-3.16 is affected by CVE-2013-7447. + Updated translations.
    last seen: 2020-06-05
    modified: 2016-03-04
    plugin id: 89653
    published: 2016-03-04
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/89653
    title: openSUSE Security Update : eog (openSUSE-2016-296)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-330BFC0338.NASL
    description: # Bugs fixed: * 762027 print-preview: Fix possible integer overflow flaw (CVE-2013-7447) # Updated translations: * Gaelic (Scottish) * Portuguese Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-03-22
    plugin id: 90072
    published: 2016-03-22
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/90072
    title: Fedora 23 : gnome-photos-3.18.3-1.fc23 (2016-330bfc0338)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2532-1.NASL
    description: This update for gtk2 fixes the following security issues : - CVE-2016-6352: Some crashes were fixed, including an out-of-bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94268
    published: 2016-10-26
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94268
    title: SUSE SLES11 Security Update : gtk2 (SUSE-SU-2016:2532-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1117.NASL
    description: This gtk2 update to version 2.24.31 fixes the following issues : Security issues fixed : - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed : - Changes from version 2.24.31 : + Backport many file chooser entry fixes and cleanups. + Don
    last seen: 2020-06-05
    modified: 2016-09-26
    plugin id: 93703
    published: 2016-09-26
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/93703
    title: openSUSE Security Update : gtk2 (openSUSE-2016-1117)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1118.NASL
    description: This gtk2 update to version 2.24.31 fixes the following issues : Security issues fixed : - CVE-2013-7447: Fixed integer overflow in image handling (boo#966682). Bugs fixed : - Changes from version 2.24.31 : + Backport many file chooser entry fixes and cleanups. + Don
    last seen: 2020-06-05
    modified: 2016-09-26
    plugin id: 93704
    published: 2016-09-26
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/93704
    title: openSUSE Security Update : gtk2 (openSUSE-2016-1118)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-419.NASL
    description: Gtk+2.0, a graphical user interface library, was susceptible to an integer overflow in its gdk_cairo_set_source_pixbuf function when allocating a large block of memory. For Debian 6
    last seen: 2020-03-17
    modified: 2016-02-18
    plugin id: 88810
    published: 2016-02-18
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88810
    title: Debian DLA-419-1 : gtk+2.0 security update