UBUNTU-CVE-2013-7447

Integer overflow in the gdkcairosetsourcepixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

References

Affected packages

Ubuntu:14.04:LTS / eog

Package

Name: eog
Purl: pkg:deb/ubuntu/eog@3.10.2-0ubuntu5.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.2-0ubuntu5.1

Affected versions

3.*

3.8.2-1ubuntu1

3.10.1-1ubuntu1

3.10.2-0ubuntu1

3.10.2-0ubuntu2

3.10.2-0ubuntu3

3.10.2-0ubuntu4

3.10.2-0ubuntu5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "eog",
            "binary_version": "3.10.2-0ubuntu5.1"
        },
        {
            "binary_name": "eog-dbg",
            "binary_version": "3.10.2-0ubuntu5.1"
        },
        {
            "binary_name": "eog-dbgsym",
            "binary_version": "3.10.2-0ubuntu5.1"
        },
        {
            "binary_name": "eog-dev",
            "binary_version": "3.10.2-0ubuntu5.1"
        }
    ]
}

Ubuntu:14.04:LTS / gtk+2.0

Package

Name: gtk+2.0
Purl: pkg:deb/ubuntu/gtk+2.0@2.24.23-0ubuntu1.4?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.24.23-0ubuntu1.4

Affected versions

2.*

2.24.20-1ubuntu1

2.24.21-1ubuntu1

2.24.22-1ubuntu1

2.24.22-1ubuntu2

2.24.23-0ubuntu1

2.24.23-0ubuntu1.1

2.24.23-0ubuntu1.2

2.24.23-0ubuntu1.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-gtk-2.0",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gir1.2-gtk-2.0-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2-engines-pixbuf",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2-engines-pixbuf-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2.0-examples",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "gtk2.0-examples-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-common",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-common-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-dbg",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-dev",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-dev-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail-doc",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail18",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgail18-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-dbg",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-udeb",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-0-udeb-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-bin",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-bin-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-common",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-dev",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-dev-dbgsym",
            "binary_version": "2.24.23-0ubuntu1.4"
        },
        {
            "binary_name": "libgtk2.0-doc",
            "binary_version": "2.24.23-0ubuntu1.4"
        }
    ]
}

Ubuntu:16.04:LTS / eog

Package

Name: eog
Purl: pkg:deb/ubuntu/eog@3.18.1-1ubuntu2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.1-1ubuntu2

Affected versions

3.*

3.16.3-1ubuntu2

3.18.0-0ubuntu1

3.18.0-1ubuntu1

3.18.0-1ubuntu2

3.18.1-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "eog",
            "binary_version": "3.18.1-1ubuntu2"
        },
        {
            "binary_name": "eog-dbg",
            "binary_version": "3.18.1-1ubuntu2"
        },
        {
            "binary_name": "eog-dbgsym",
            "binary_version": "3.18.1-1ubuntu2"
        },
        {
            "binary_name": "eog-dev",
            "binary_version": "3.18.1-1ubuntu2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / gambas3

Package

Name: gambas3
Purl: pkg:deb/ubuntu/gambas3@3.8.4-2ubuntu3.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.4-2ubuntu5

3.5.4-2ubuntu7

3.5.4-2ubuntu11

3.8.4-2ubuntu1

3.8.4-2ubuntu2

3.8.4-2ubuntu3

3.8.4-2ubuntu3.1

Ubuntu:Pro:16.04:LTS / gnome-photos

Package

Name: gnome-photos
Purl: pkg:deb/ubuntu/gnome-photos@3.18.2-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.16.2-1

3.18.1-1

3.18.1-1build1

3.18.2-1

Ubuntu:Pro:16.04:LTS / pinpoint

Package

Name: pinpoint
Purl: pkg:deb/ubuntu/pinpoint@1:0.1.8-2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.1.6-1

1:0.1.8-1ubuntu2

1:0.1.8-2

Ubuntu:Pro:16.04:LTS / thunar

Package

Name: thunar
Purl: pkg:deb/ubuntu/thunar@1.6.11-0ubuntu0.16.04.2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.10-1

1.6.10-2

1.6.10-2ubuntu1

1.6.11-0ubuntu0.16.04.1

1.6.11-0ubuntu0.16.04.2

Ubuntu:Pro:18.04:LTS / pinpoint

Package

Name: pinpoint
Purl: pkg:deb/ubuntu/pinpoint@1:0.1.8-3?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.1.8-3

Ubuntu:Pro:20.04:LTS / gambas3

Package

Name: gambas3
Purl: pkg:deb/ubuntu/gambas3@3.14.3-2ubuntu3.1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.13.0-1ubuntu2

3.14.3-1

3.14.3-1build1

3.14.3-1ubuntu1

3.14.3-2ubuntu1

3.14.3-2ubuntu3

3.14.3-2ubuntu3.1

Ubuntu:Pro:20.04:LTS / pinpoint

Package

Name: pinpoint
Purl: pkg:deb/ubuntu/pinpoint@1:0.1.8-4?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.1.8-4

Ubuntu:22.04:LTS / gambas3

Package

Name: gambas3
Purl: pkg:deb/ubuntu/gambas3@3.16.3-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.16.2-3build1

3.16.3-2

3.16.3-2build1

3.16.3-3

Ubuntu:22.04:LTS / pinpoint

Package

Name: pinpoint
Purl: pkg:deb/ubuntu/pinpoint@1:0.1.8-5?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.1.8-4

1:0.1.8-5

Ubuntu:24.04:LTS / gambas3

Package

Name: gambas3
Purl: pkg:deb/ubuntu/gambas3@3.19.0-2ubuntu10?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.18.3-1ubuntu1

3.18.3-1ubuntu2

3.18.4-3ubuntu1

3.19.0-2ubuntu1

3.19.0-2ubuntu9

3.19.0-2ubuntu10

Ubuntu:24.04:LTS / pinpoint

Package

Name: pinpoint
Purl: pkg:deb/ubuntu/pinpoint@1:0.1.8-6build2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.1.8-6

1:0.1.8-6build1

1:0.1.8-6build2

Ubuntu:25.04 / gambas3

Package

Name: gambas3
Purl: pkg:deb/ubuntu/gambas3@3.20.2-1build1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.19.3-1ubuntu2

3.19.5-1ubuntu1

3.20.0-4

3.20.0-4build1

3.20.2-1

3.20.2-1build1

Ubuntu:25.04 / pinpoint

Package

Name: pinpoint
Purl: pkg:deb/ubuntu/pinpoint@1:0.1.8-6build2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.1.8-6build2