Bugzilla – Bug 966682
VUL-0: CVE-2013-7447: gtk2, gtk3: Integer overflow in image handling
Last modified: 2017-07-11 22:37:26 UTC
Quoting RH BZ: "An integer overflow vulnerability in gtk+2.0 and gtk+3.0 in image handling was found when supplying large pixbufs to gdk_cairo_set_source_pixbuf, gdkcairo tries to allocate an immense number of bytes. Upstream patch: https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6 " References: https://bugzilla.redhat.com/show_bug.cgi?id=1306681 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7447 http://seclists.org/oss-sec/2016/q1/306 http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7447.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7447
bugbot adjusting priority
Apparently also affecting eog >= 3.16, fixed in 3.16.4: https://mail.gnome.org/archives/ftp-release-list/2016-February/msg00022.html
MR sent https://build.opensuse.org/request/show/361117 This is for 13.2 and Leap. Evergreen team should probably be notified too, so they can look into doing a backport for eog in their care.
openSUSE-SU-2016:0647-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 966682 CVE References: CVE-2013-7447 Sources used: openSUSE Leap 42.1 (src): eog-3.16.4-6.1 openSUSE 13.2 (src): eog-3.14.5-10.1
can you also check if this affects the SLE gtk2 / gdk-pixbufs versions?
This is an autogenerated message for OBS integration: This bug (966682) was mentioned in https://build.opensuse.org/request/show/427957 42.1 / gtk2 https://build.opensuse.org/request/show/427958 13.2 / gtk2
This is an autogenerated message for OBS integration: This bug (966682) was mentioned in https://build.opensuse.org/request/show/428307 42.1 / gtk2-engines https://build.opensuse.org/request/show/428308 13.2 / gtk2-engines
This is an autogenerated message for OBS integration: This bug (966682) was mentioned in https://build.opensuse.org/request/show/428327 13.2 / gtk2-branding-openSUSE https://build.opensuse.org/request/show/428329 42.1 / gtk2-branding-openSUSE
This is an autogenerated message for OBS integration: This bug (966682) was mentioned in https://build.opensuse.org/request/show/428330 13.2 / gtk2-branding-openSUSE
openSUSE-SU-2016:2366-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 966682,999375 CVE References: CVE-2013-7447 Sources used: openSUSE 13.2 (src): gtk2-2.24.31-4.17.2, gtk2-branding-SLED-13.2-14.3, gtk2-branding-openSUSE-13.2-14.3, gtk2-engines-2.20.2-18.14.3
openSUSE-SU-2016:2374-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 966682,999375 CVE References: CVE-2013-7447 Sources used: openSUSE Leap 42.1 (src): gtk2-2.24.31-11.2, gtk2-branding-SLED-42.1-13.1, gtk2-branding-openSUSE-42.1-13.1, gtk2-engines-2.20.2-29.3
SUSE-SU-2016:2532-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 966682,988745,991450 CVE References: CVE-2013-7447,CVE-2016-6352 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): gtk2-2.18.9-0.44.1 SUSE Linux Enterprise Server 11-SP4 (src): gtk2-2.18.9-0.44.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): gtk2-2.18.9-0.44.1
SUSE-SU-2016:2550-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 966682 CVE References: CVE-2013-7447 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): gtk2-2.24.24-3.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): gtk2-2.24.24-3.1 SUSE Linux Enterprise Server 12-SP1 (src): gtk2-2.24.24-3.1 SUSE Linux Enterprise Desktop 12-SP1 (src): gtk2-2.24.24-3.1
fixed