Fluid Attacks Database

Description

gtk2 vulnerable to Use of Externally-Controlled Format String Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rubygems	gtk2	>=0 <0.17.0	0.17.0

Aliases

1. CVE-2007-61832. NVD-2007-61833. OSV-2007-61834. GCVE-2007-61835. security.gentoo.org

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=4028712. https://exchange.xforce.ibmcloud.com/vulnerabilities/387573. https://web.archive.org/web/20200228174159/http://www.securityfocus.com/bid/266164. https://web.archive.org/web/20201207224244/https://www.securityfocus.com/archive/1/484240/100/0/threaded5. https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00214.html6. https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00251.html7. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=4536898. http://bugs.gentoo.org/show_bug.cgi?id=2006239. http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html10. http://securityreason.com/securityalert/340711. http://www.debian.org/security/2007/dsa-143112. http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2008:033/?name=MDVSA-2008:033

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.