The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of GTK+

computer vulnerability note CVE-2013-7447

GTK+: integer overflow of gdk_cairo_set_source_pixbuf

Synthesis of the vulnerability

An attacker can generate an integer overflow in gdk_cairo_set_source_pixbuf of GTK+, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, GTK+, openSUSE, openSUSE Leap, Solaris, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/02/2016.
Identifiers: bulletinjul2016, CVE-2013-7447, FEDORA-2016-330bfc0338, openSUSE-SU-2016:0647-1, openSUSE-SU-2016:2366-1, openSUSE-SU-2016:2374-1, USN-2898-1, USN-2898-2, VIGILANCE-VUL-18929.

Description of the vulnerability

GTK+ includes the GDK drawing library.

Among other things, GDK handles image display. When the image dimensions are large enough, the multiplication that computes the size of the pixel buffer (row stride times height) overflows, so the memory area allocated in gdk_cairo_set_source_pixbuf is smaller than the source image requires, and copying the pixel rows into it overruns the allocation.

An attacker who gets a victim to open a crafted image can therefore trigger an integer overflow in gdk_cairo_set_source_pixbuf of GTK+, in order to cause a denial of service, and possibly to run code. Any check added after the allocation is too late; the size must be validated before the multiplication, or computed with overflow-checked arithmetic.
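The following C program is an added worked example, not code from GTK+ or cairo: it models the allocation arithmetic the bulletin describes, shows how a 32-bit stride-times-height product wraps so that only one row of a 32769-row image fits in the requested buffer, and places the overflow-safe version beside it. The 4-byte pixel size and the 4-byte stride rounding are assumptions chosen to match cairo's ARGB32 layout; the image dimensions are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the allocation arithmetic, not GTK+ source. Assumes cairo's
 * ARGB32 layout: 4 bytes per pixel, row stride rounded up to 4 bytes. */
#define BYTES_PER_PIXEL 4

static size_t stride_for_width(size_t width)
{
    return ((width * BYTES_PER_PIXEL) + 3) & ~(size_t)3;
}

/* Vulnerable pattern: stride * height is computed in 32-bit arithmetic,
 * so for large images it wraps and the buffer request is far too small. */
static uint32_t unchecked_size32(uint32_t width, uint32_t height)
{
    uint32_t stride = (uint32_t)stride_for_width(width);
    return stride * height;            /* wraps modulo 2^32 */
}

/* Hardened pattern: reject dimensions before multiplying, and bound the
 * result by an explicit limit so the product can never wrap. */
static bool checked_size(uint32_t width, uint32_t height, size_t limit,
                         size_t *out)
{
    if (width == 0 || height == 0)
        return false;
    if (width > (SIZE_MAX - 3) / BYTES_PER_PIXEL)   /* stride itself would wrap */
        return false;
    size_t stride = stride_for_width(width);
    if (height > limit / stride)                    /* stride * height > limit */
        return false;
    *out = stride * (size_t)height;
    return true;
}

/* Convenience wrapper: 0 means the dimensions were rejected. */
static size_t checked_size_or_zero(uint32_t width, uint32_t height, size_t limit)
{
    size_t size = 0;
    return checked_size(width, height, limit, &size) ? size : 0;
}

/* Whole rows that fit in 'allocated' bytes; every further row the copy
 * loop writes lands past the end of the heap block. */
static uint32_t rows_that_fit(uint32_t width, size_t allocated)
{
    return (uint32_t)(allocated / stride_for_width(width));
}

int main(void)
{
    uint32_t width = 32768, height = 32769;   /* constructed sample image */
    uint32_t bad = unchecked_size32(width, height);
    printf("unchecked request: %u bytes, room for %u of %u rows\n",
           bad, rows_that_fit(width, bad), height);

    size_t ok = checked_size_or_zero(width, height, (size_t)INT_MAX);
    printf("checked request for %ux%u: %s\n", width, height,
           ok ? "accepted" : "rejected");

    ok = checked_size_or_zero(640, 480, (size_t)INT_MAX);
    printf("checked request for 640x480: %zu bytes\n", ok);
    return 0;
}
```

The limit passed to checked_size is the caller's choice; INT_MAX is used here to model a 32-bit size argument, but the same check works with whatever ceiling the allocator or the image loader imposes.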

computer vulnerability alert 9306

GTK+: unlocking gnome-screensaver

Synthesis of the vulnerability

In some cases, a local attacker can unlock gnome-screensaver.
Impacted products: Fedora, GTK+.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user console.
Creation date: 21/12/2009.
Identifiers: 446395, 598476, BID-37411, FEDORA-2009-12950, VIGILANCE-VUL-9306.

Description of the vulnerability

The GTK+ (GIMP Toolkit) library is used to create user interfaces.

The gnome-screensaver program locks the screen and draws an animation over it.

When the user enters an invalid password, gnome-screensaver asks GTK+ to restart the drawing. However, the gdk_window_begin_implicit_paint() function in gdk/gdkwindow.c then uses a resource that has already been freed; GTK+ reports this as a fatal error and the gnome-screensaver process exits.

Because the lock is enforced only while that process is running, the crash leaves the screen unlocked. In some cases a local attacker with access to the console can thus unlock the screen, in order to access the user's session. The practical lesson for any screen locker is that a crash in the locker must fail closed, for example by having a supervisor restart it, rather than fail open.