Launchpad CVE tracker

CVE 2013-7447

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

Related bugs and status

CVE-2013-7447 (Candidate) is related to these bugs:

Bug #1540811: [GDK] patch - avoid integer overflow when allocating a large block of memory

		In	Importance	Status
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+2.0 (Ubuntu)	High	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+2.0 (Debian)	Unknown	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	GTK+	Low	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+2.0 (Ubuntu Precise)	Medium	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+2.0 (Ubuntu Trusty)	Medium	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+2.0 (Ubuntu Wily)	Medium	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+2.0 (Ubuntu Xenial)	High	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+3.0 (Ubuntu)	Medium	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+3.0 (Ubuntu Precise)	Medium	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+3.0 (Ubuntu Trusty)	Medium	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+3.0 (Ubuntu Wily)	Medium	Fix Released
1540811	[GDK] patch - avoid integer overflow when allocating a large block of memory	gtk+3.0 (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-7447

References