Executive Summary

Summary
Title GTK vulnerability
Informations
NameUSN-415-1First vendor Publication2007-02-01
VendorUbuntuLast vendor Modification2007-02-01
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score2.1Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score3.9AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
libgtk2.0-0 2.8.6-0ubuntu2.2

Ubuntu 6.06 LTS:
libgtk2.0-0 2.8.20-0ubuntu1.1

Ubuntu 6.10:
libgtk2.0-0 2.10.6-0ubuntu3.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

A flaw was discovered in the error handling of GTK's image loading
library. Applications opening certain corrupted images could be made to
crash, causing a denial of service.


Original Source

Url : http://www.ubuntu.com/usn/USN-415-1

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10325
 
Oval ID: oval:org.mitre.oval:def:10325
Title: The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
Description: The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0010
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Open Source Vulnerability Database (OSVDB)

idDescription
31621GTK+ GdkPixbufLoader Image Handling DoS