UBUNTU-CVE-2013-7447

Source
https://ubuntu.com/security/CVE-2013-7447
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-7447.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-7447
Published
2013-12-31T00:00:00Z
Modified
2025-07-18T16:42:58Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Ubuntu - medium
Summary
[none]
Details

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

Affected packages

Ubuntu:14.04:LTS / eog

Package

Name
eog
Purl
pkg:deb/ubuntu/eog@3.10.2-0ubuntu5.1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.10.2-0ubuntu5.1

Affected versions

3.*

3.8.2-1ubuntu1
3.10.1-1ubuntu1
3.10.2-0ubuntu1
3.10.2-0ubuntu2
3.10.2-0ubuntu3
3.10.2-0ubuntu4
3.10.2-0ubuntu5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "eog",
            "binary_version": "3.10.2-0ubuntu5.1"
        },
        {
            "binary_name": "eog-dbg",
            "binary_version": "3.10.2-0ubuntu5.1"
        },
        {
            "binary_name": "eog-dbgsym",
            "binary_version": "3.10.2-0ubuntu5.1"
        },
        {
            "binary_name": "eog-dev",
            "binary_version": "3.10.2-0ubuntu5.1"
        }
    ]
}

Ubuntu:14.04:LTS / gtk+2.0

Package

Name
gtk+2.0
Purl
pkg:deb/ubuntu/gtk+2.0@2.24.23-0ubuntu1.4?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.24.23-0ubuntu1.4

Affected versions

2.*

2.24.20-1ubuntu1
2.24.21-1ubuntu1
2.24.22-1ubuntu1
2.24.22-1ubuntu2
2.24.23-0ubuntu1
2.24.23-0ubuntu1.1
2.24.23-0ubuntu1.2
2.24.23-0ubuntu1.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-gtk-2.0",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gir1.2-gtk-2.0-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2-engines-pixbuf",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2-engines-pixbuf-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2.0-examples",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2.0-examples-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-common",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-common-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-dbg",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-dev",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-dev-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-doc",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail18",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail18-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-dbg",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-udeb",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-udeb-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-bin",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-bin-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-common",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-dev",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-dev-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-doc",
            "binary_version": "2.24.23-0ubuntu1.4"
        }
    ]
}

Ubuntu:16.04:LTS / eog

Package

Name
eog
Purl
pkg:deb/ubuntu/eog@3.18.1-1ubuntu2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.18.1-1ubuntu2

Affected versions

3.*

3.16.3-1ubuntu2
3.18.0-0ubuntu1
3.18.0-1ubuntu1
3.18.0-1ubuntu2
3.18.1-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "eog",
            "binary_version": "3.18.1-1ubuntu2"
        },
        {
            "binary_name": "eog-dbg",
            "binary_version": "3.18.1-1ubuntu2"
        },
        {
            "binary_name": "eog-dbgsym",
            "binary_version": "3.18.1-1ubuntu2"
        },
        {
            "binary_name": "eog-dev",
            "binary_version": "3.18.1-1ubuntu2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / gambas3

Package

Name
gambas3
Purl
pkg:deb/ubuntu/gambas3@3.8.4-2ubuntu3.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.5.4-2ubuntu5
3.5.4-2ubuntu7
3.5.4-2ubuntu11
3.8.4-2ubuntu1
3.8.4-2ubuntu2
3.8.4-2ubuntu3
3.8.4-2ubuntu3.1

Ubuntu:Pro:16.04:LTS / gnome-photos

Package

Name
gnome-photos
Purl
pkg:deb/ubuntu/gnome-photos@3.18.2-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.16.2-1
3.18.1-1
3.18.1-1build1
3.18.2-1

Ubuntu:Pro:16.04:LTS / pinpoint

Package

Name
pinpoint
Purl
pkg:deb/ubuntu/pinpoint@1:0.1.8-2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:0.*

1:0.1.6-1
1:0.1.8-1ubuntu2
1:0.1.8-2

Ubuntu:Pro:16.04:LTS / thunar

Package

Name
thunar
Purl
pkg:deb/ubuntu/thunar@1.6.11-0ubuntu0.16.04.2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.6.10-1
1.6.10-2
1.6.10-2ubuntu1
1.6.11-0ubuntu0.16.04.1
1.6.11-0ubuntu0.16.04.2

Ubuntu:Pro:18.04:LTS / pinpoint

Package

Name
pinpoint
Purl
pkg:deb/ubuntu/pinpoint@1:0.1.8-3?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:0.*

1:0.1.8-3

Ubuntu:Pro:20.04:LTS / gambas3

Package

Name
gambas3
Purl
pkg:deb/ubuntu/gambas3@3.14.3-2ubuntu3.1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.13.0-1ubuntu2
3.14.3-1
3.14.3-1build1
3.14.3-1ubuntu1
3.14.3-2ubuntu1
3.14.3-2ubuntu3
3.14.3-2ubuntu3.1

Ubuntu:Pro:20.04:LTS / pinpoint

Package

Name
pinpoint
Purl
pkg:deb/ubuntu/pinpoint@1:0.1.8-4?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:0.*

1:0.1.8-4

Ubuntu:22.04:LTS / gambas3

Package

Name
gambas3
Purl
pkg:deb/ubuntu/gambas3@3.16.3-3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.16.2-3build1
3.16.3-2
3.16.3-2build1
3.16.3-3

Ubuntu:22.04:LTS / pinpoint

Package

Name
pinpoint
Purl
pkg:deb/ubuntu/pinpoint@1:0.1.8-5?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:0.*

1:0.1.8-4
1:0.1.8-5

Ubuntu:24.04:LTS / gambas3

Package

Name
gambas3
Purl
pkg:deb/ubuntu/gambas3@3.19.0-2ubuntu10?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.18.3-1ubuntu1
3.18.3-1ubuntu2
3.18.4-3ubuntu1
3.19.0-2ubuntu1
3.19.0-2ubuntu9
3.19.0-2ubuntu10

Ubuntu:24.04:LTS / pinpoint

Package

Name
pinpoint
Purl
pkg:deb/ubuntu/pinpoint@1:0.1.8-6build2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:0.*

1:0.1.8-6
1:0.1.8-6build1
1:0.1.8-6build2

Ubuntu:25.04 / gambas3

Package

Name
gambas3
Purl
pkg:deb/ubuntu/gambas3@3.20.2-1build1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.19.3-1ubuntu2
3.19.5-1ubuntu1
3.20.0-4
3.20.0-4build1
3.20.2-1
3.20.2-1build1

Ubuntu:25.04 / pinpoint

Package

Name
pinpoint
Purl
pkg:deb/ubuntu/pinpoint@1:0.1.8-6build2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:0.*

1:0.1.8-6build2