USN-6899-1
- Source
- https://ubuntu.com/security/notices/USN-6899-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6899-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6899-1
- Upstream
- Related
- Published
- 2024-07-16T13:03:44.132550Z
- Modified
- 2025-10-13T04:37:55Z
- Summary
- gtk+2.0, gtk+3.0 vulnerability
- Details
-
It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges.
- References
Affected packages
Ubuntu:20.04:LTS
gtk+2.0
Package
- Name
- gtk+2.0
- Purl
- pkg:deb/ubuntu/gtk+2.0@2.24.32-4ubuntu4.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.24.32-4ubuntu4.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gtk-2.0",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "gtk2-engines-pixbuf",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "gtk2.0-examples",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "libgail-common",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "libgail-dev",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "libgail18",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "libgtk2.0-0",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "libgtk2.0-bin",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "libgtk2.0-common",
"binary_version": "2.24.32-4ubuntu4.1"
},
{
"binary_name": "libgtk2.0-dev",
"binary_version": "2.24.32-4ubuntu4.1"
}
],
"availability": "No subscription required"
}gtk+3.0
Package
- Name
- gtk+3.0
- Purl
- pkg:deb/ubuntu/gtk+3.0@3.24.20-0ubuntu1.2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.24.20-0ubuntu1.2
Affected versions
3.*
3.24.12-1ubuntu1
3.24.13-1ubuntu1
3.24.14-1ubuntu1
3.24.17-3ubuntu1
3.24.18-1ubuntu1
3.24.20-0ubuntu1
3.24.20-0ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gtk-3.0",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "gtk-3-examples",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "gtk-update-icon-cache",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "libgail-3-0",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "libgail-3-dev",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "libgtk-3-0",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "libgtk-3-bin",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "libgtk-3-common",
"binary_version": "3.24.20-0ubuntu1.2"
},
{
"binary_name": "libgtk-3-dev",
"binary_version": "3.24.20-0ubuntu1.2"
}
],
"availability": "No subscription required"
}Ubuntu:22.04:LTS
gtk+2.0
Package
- Name
- gtk+2.0
- Purl
- pkg:deb/ubuntu/gtk+2.0@2.24.33-2ubuntu2.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.24.33-2ubuntu2.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gtk-2.0",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "gtk2-engines-pixbuf",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "gtk2.0-examples",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "libgail-common",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "libgail-dev",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "libgail18",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "libgtk2.0-0",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "libgtk2.0-bin",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "libgtk2.0-common",
"binary_version": "2.24.33-2ubuntu2.1"
},
{
"binary_name": "libgtk2.0-dev",
"binary_version": "2.24.33-2ubuntu2.1"
}
],
"availability": "No subscription required"
}gtk+3.0
Package
- Name
- gtk+3.0
- Purl
- pkg:deb/ubuntu/gtk+3.0@3.24.33-1ubuntu2.2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.24.33-1ubuntu2.2
Affected versions
3.*
3.24.30-1ubuntu1
3.24.30-3ubuntu1
3.24.30-3ubuntu2
3.24.31-1ubuntu1
3.24.32-0ubuntu1
3.24.33-1ubuntu1
3.24.33-1ubuntu2
3.24.33-1ubuntu2.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gtk-3.0",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "gtk-3-examples",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "gtk-update-icon-cache",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "libgail-3-0",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "libgail-3-dev",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "libgtk-3-0",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "libgtk-3-bin",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "libgtk-3-common",
"binary_version": "3.24.33-1ubuntu2.2"
},
{
"binary_name": "libgtk-3-dev",
"binary_version": "3.24.33-1ubuntu2.2"
}
],
"availability": "No subscription required"
}Ubuntu:24.04:LTS
gtk+2.0
Package
- Name
- gtk+2.0
- Purl
- pkg:deb/ubuntu/gtk+2.0@2.24.33-4ubuntu1.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.24.33-4ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gtk-2.0",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "gtk2-engines-pixbuf",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "libgail-common",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "libgail-dev",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "libgail18t64",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "libgtk2.0-0t64",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "libgtk2.0-bin",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "libgtk2.0-common",
"binary_version": "2.24.33-4ubuntu1.1"
},
{
"binary_name": "libgtk2.0-dev",
"binary_version": "2.24.33-4ubuntu1.1"
}
],
"availability": "No subscription required"
}gtk+3.0
Package
- Name
- gtk+3.0
- Purl
- pkg:deb/ubuntu/gtk+3.0@3.24.41-4ubuntu1.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.24.41-4ubuntu1.1
Affected versions
3.*
3.24.38-5ubuntu1
3.24.38-5ubuntu2
3.24.39-1ubuntu1
3.24.40-2ubuntu1
3.24.41-1.1ubuntu3
3.24.41-1.1ubuntu4
3.24.41-4ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-gtk-3.0",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "gtk-3-examples",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "gtk-update-icon-cache",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "libgail-3-0t64",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "libgail-3-dev",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "libgtk-3-0t64",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "libgtk-3-bin",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "libgtk-3-common",
"binary_version": "3.24.41-4ubuntu1.1"
},
{
"binary_name": "libgtk-3-dev",
"binary_version": "3.24.41-4ubuntu1.1"
}
],
"availability": "No subscription required"
}