CVE-2007-0010

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/31621	Broken Link
http://secunia.com/advisories/23884	Broken Link
http://secunia.com/advisories/23933	Broken Link
http://secunia.com/advisories/23935	Broken Link
http://secunia.com/advisories/23984	Broken Link
http://secunia.com/advisories/24006	Broken Link
http://secunia.com/advisories/24010	Broken Link
http://secunia.com/advisories/24095	Broken Link
http://securitytracker.com/id?1017552	Broken Link Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDKSA-2007:039	Broken Link
http://www.novell.com/linux/security/advisories/2007_02_sr.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0019.html	Broken Link Vendor Advisory
http://www.securityfocus.com/bid/22209	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-415-1	Third Party Advisory
http://www.vupen.com/english/advisories/2007/0331	Broken Link
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932	Issue Tracking Vendor Advisory
https://issues.rpath.com/browse/RPL-984	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10325	Tool Signature
https://www.debian.org/security/2007/dsa-1256	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:gtk:*:*:*:*:*:*:*:*

History

07 Feb 2022, 17:28

Type	Values Removed	Values Added
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:039 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:039 - Broken Link
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10325 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10325 - Tool Signature
References	~~(SECUNIA) http://secunia.com/advisories/23933 -~~	(SECUNIA) http://secunia.com/advisories/23933 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/23884 -~~	(SECUNIA) http://secunia.com/advisories/23884 - Broken Link
References	~~(OSVDB) http://osvdb.org/31621 -~~	(OSVDB) http://osvdb.org/31621 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/23935 -~~	(SECUNIA) http://secunia.com/advisories/23935 - Broken Link
References	~~(DEBIAN) https://www.debian.org/security/2007/dsa-1256 -~~	(DEBIAN) https://www.debian.org/security/2007/dsa-1256 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/24006 -~~	(SECUNIA) http://secunia.com/advisories/24006 - Broken Link
References	~~(UBUNTU) http://www.ubuntu.com/usn/usn-415-1 -~~	(UBUNTU) http://www.ubuntu.com/usn/usn-415-1 - Third Party Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0019.html - Vendor Advisory~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2007-0019.html - Broken Link, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/22209 -~~	(BID) http://www.securityfocus.com/bid/22209 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SECUNIA) http://secunia.com/advisories/24095 -~~	(SECUNIA) http://secunia.com/advisories/24095 - Broken Link
References	~~(SECTRACK) http://securitytracker.com/id?1017552 -~~	(SECTRACK) http://securitytracker.com/id?1017552 - Broken Link, Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://issues.rpath.com/browse/RPL-984 -~~	(CONFIRM) https://issues.rpath.com/browse/RPL-984 - Broken Link
References	~~(SUSE) http://www.novell.com/linux/security/advisories/2007_02_sr.html -~~	(SUSE) http://www.novell.com/linux/security/advisories/2007_02_sr.html - Broken Link
References	~~(CONFIRM) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932 - Vendor Advisory~~	(CONFIRM) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932 - Issue Tracking, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/23984 -~~	(SECUNIA) http://secunia.com/advisories/23984 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/24010 -~~	(SECUNIA) http://secunia.com/advisories/24010 - Broken Link
References	~~(VUPEN) http://www.vupen.com/english/advisories/2007/0331 -~~	(VUPEN) http://www.vupen.com/english/advisories/2007/0331 - Broken Link
First Time		Gnome Gnome gtk
CPE	cpe:2.3:a:the_gimp_team:gimp_toolkit:2.4.12:::::::*	cpe:2.3:a:gnome:gtk::::::::
CWE	~~NVD-CWE-Other~~	NVD-CWE-noinfo

Information

Published : 2007-01-24 19:28

Updated : 2023-12-10 10:40

NVD link : CVE-2007-0010

Mitre link : CVE-2007-0010

CVE.ORG link : CVE-2007-0010

JSON object : View

Products Affected

gnome

gtk

CWE

NVD-CWE-noinfo

{"id": "CVE-2007-0010", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-24T19:28:00.000", "references": [{"url": "http://osvdb.org/31621", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/23884", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/23933", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/23935", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/23984", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24006", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24010", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24095", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1017552", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:039", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0019.html", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/22209", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-415-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/0331", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-984", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10325", "tags": ["Tool Signature"], "source": "secalert@redhat.com"}, {"url": "https://www.debian.org/security/2007/dsa-1256", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file."}, {"lang": "es", "value": "La funci\u00f3n GdkPixbufLoader del GIMP ToolKit (GTK+) en el GTK 2 (gtk2) en versiones anteriores a la 2.4.13 atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un fichero de imagen mal formado."}], "lastModified": "2022-02-07T17:28:12.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gtk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DA41048-8B29-49A9-B8CD-8ED77C88C3A4", "versionEndExcluding": "2.4.13"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}