Medium severity · 6.5 · NVD Advisory · Published Feb 17, 2016 · Updated May 6, 2026
CVE-2013-7447
Description
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*
- osv-coords (11 versions):
  - pkg:rpm/opensuse/eog&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/gtk2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/lasem&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
  - pkg:rpm/suse/gtk2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
- (no CPE) range: < 3.20.5-1.1
- (no CPE) range: < 2.24.31-1.2
- (no CPE) range: < 0.4.4-2.13
- (no CPE) range: < 2.24.24-3.1
- (no CPE) range: < 2.18.9-0.44.1
- (no CPE) range: < 2.24.24-3.1
- (no CPE) range: < 2.18.9-0.44.1
- (no CPE) range: < 2.24.24-3.1
- (no CPE) range: < 2.18.9-0.44.1
- (no CPE) range: < 2.24.24-3.1
- (no CPE) range: < 2.24.24-3.1
Patches
No patches discovered yet.
References
- git.gnome.org/browse/gtk+/tree/NEWS (nvd, Patch)
- www.ubuntu.com/usn/USN-2898-1 (nvd, Vendor Advisory)
- www.ubuntu.com/usn/USN-2898-2 (nvd, Vendor Advisory)
- lists.opensuse.org/opensuse-updates/2016-03/msg00010.html (nvd)
- www.openwall.com/lists/oss-security/2016/02/10/2 (nvd)
- www.openwall.com/lists/oss-security/2016/02/10/6 (nvd)
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (nvd)
- www.securityfocus.com/bid/83239 (nvd)
- bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811 (nvd)
- bugzilla.gnome.org/show_bug.cgi (nvd)
- git.gnome.org/browse/gtk+/commit (nvd)
- github.com/mate-desktop/eom/issues/93 (nvd)