Fluid Attacks Database

Description

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gtk+2.0	>=0 <2.24.30-1.1	2.24.30-1.1
debian 11	gtk+3.0	>=0 <3.10.7-1	3.10.7-1
debian 13	gtk+2.0	>=0 <2.24.30-1.1	2.24.30-1.1
debian 14	gtk+2.0	>=0 <2.24.30-1.1	2.24.30-1.1
debian 14	gtk+3.0	>=0 <3.10.7-1	3.10.7-1
rpm rhel6	gtk2	-	-
debian 11	gtk+2.0	>=0 <2.24.30-1.1	2.24.30-1.1
debian 12	gtk+3.0	>=0 <3.10.7-1	3.10.7-1
debian 13	gtk+3.0	>=0 <3.10.7-1	3.10.7-1
rpm rhel5	gtk2	-	-

1-10 of 11

Aliases

1. CVE-2013-74472. NVD-2013-74473. OSV-DEBIAN-2013-74474. OSV-2013-74475. SECURITY-TRACKER-CVE-2013-7447

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.