VDB
CVE-2013-7447
CVE-2013-7447
PUBLISHED
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
EPSS 4.43% · 89.2th percentile
Risk Scores
EPSS Score
4.43%
89.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | gnome-photos | 0, 3.18.1-1build1, 3.18.2-1 |
| Ubuntu:18.04:LTS | pinpoint | 0, 1:0.1.8-3 |
| Ubuntu:14.04:LTS | gtk+2.0 | 2.24.22-1ubuntu1, 0, 2.24.20-1ubuntu1 |
| Ubuntu:24.04:LTS | pinpoint | 0, 1:0.1.8-6build1, 1:0.1.8-6build2 |
| Ubuntu:25.10 | pinpoint | 0, * |
| Ubuntu:20.04:LTS | pinpoint | 0, 1:0.1.8-4 |
| Ubuntu:25.10 | gambas3 | 3.20.4-1, 3.20.4-1build1, 3.20.2-1build1 |
| Ubuntu:22.04:LTS | pinpoint | 1:0.1.8-4, 0, 1:0.1.8-5 |
| Ubuntu:16.04:LTS | gambas3 | 0, 3.5.4-2ubuntu5, 3.5.4-2ubuntu11 |
| Ubuntu:16.04:LTS | eog | 3.18.0-1ubuntu2, 3.18.0-1ubuntu1, 3.16.3-1ubuntu2 |
| Ubuntu:16.04:LTS | thunar | 1.6.10-2, 1.6.11-0ubuntu0.16.04.2, 0 |
| Ubuntu:24.04:LTS | gambas3 | 3.18.3-1ubuntu1, 3.18.3-1ubuntu2, 0 |
| Ubuntu:20.04:LTS | gambas3 | 3.14.3-2ubuntu3, 3.14.3-1ubuntu1, 3.14.3-1build1 |
| Ubuntu:16.04:LTS | pinpoint | 0, 1:0.1.8-2, 1:0.1.6-1 |
| Ubuntu:22.04:LTS | gambas3 | 3.16.2-3build1, 0, 3.16.3-2 |
| Ubuntu:14.04:LTS | eog | 3.10.2-0ubuntu3, 0, 3.8.2-1ubuntu1 |
Exploit Intelligence
- https://github.com/mate-desktop/eom/issues/93 (circl)
- USN-2898-2 (circl)
- [oss-security] 20160210 Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 (circl)
- USN-2898-1 (circl)
- https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811 (circl)
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (circl)
- openSUSE-SU-2016:0647 (circl)
- https://git.gnome.org/browse/gtk+/tree/NEWS (circl)
- 83239 (circl)
- [oss-security] 20160209 CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 (circl)
…and 2 more exploits
Timeline
- Dec 31, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-7447 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/02/10/2 third-party-advisory
- https://ubuntu.com/security/notices/USN-2898-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2898-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-7447 third-party-advisory