Debian Gtk+2.0 vulnerabilities

18 known vulnerabilities affecting debian/gtk+2.0.

Total CVEs: 18
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 8, LOW 5

Vulnerabilities

CVE-2024-6655 | HIGH | CVSS 7.0 | fixed in gtk+2.0 2.24.33-2+deb12u1 (bookworm) | 2024
CVE-2024-6655 [HIGH] gtk+2.0 - A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.
Scope: local
bookworm: resolved (fixed in 2.24.33-2+deb12u1); bullseye: resolved (fixed in 2.24.33-2+deb11u1); forky: resolved (fixed in 2.24.33-5); sid: resolved (fixed in 2.24.33-5); trixie: resolved (fixed
debian
CVE-2015-7674 | MEDIUM | CVSS 6.8 | fixed in gdk-pixbuf 2.32.1-1 (bookworm) | 2015
CVE-2015-7674 [MEDIUM] gdk-pixbuf - Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.32.1-1); bullseye: resolved (fixed in
debian
CVE-2015-4491 | MEDIUM | CVSS 6.8 | fixed in gdk-pixbuf 2.31.7-1 (bookworm) | 2015
CVE-2015-4491 [MEDIUM] gdk-pixbuf - Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafte
debian
CVE-2015-7673 | MEDIUM | CVSS 6.8 | fixed in gdk-pixbuf 2.32.0-1 (bookworm) | 2015
CVE-2015-7673 [MEDIUM] gdk-pixbuf - io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.
Scope: local
bookworm: resolved (fixed in 2.32.0-1); bullseye: resolved (fixed in 2.32.0-1); fo
debian
CVE-2014-1949 | HIGH | CVSS 7.2 | fixed in cinnamon 2.2.14-1 (bookworm) | 2014
CVE-2014-1949 [HIGH] cinnamon - GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
Scope: local
bookworm: resolved (fixed in 2.2.14-1); bullseye: resolved (fixed in 2.2.14-1); forky: resolved (fixed in 2.2.14-1); sid: resolved (fixed in 2.2.14-1); trixie: resolv
debian
CVE-2013-7447 | MEDIUM | CVSS 6.5 | fixed in gtk+2.0 2.24.30-1.1 (bookworm) | 2013
CVE-2013-7447 [MEDIUM] gtk+2.0 - Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
Scope: local
bookworm: resolved (fixed in 2.2
debian
CVE-2010-0732 | MEDIUM | CVSS 6.2 | fixed in gtk+2.0 2.18.5-1 (bookworm) | 2010
CVE-2010-0732 [MEDIUM] gtk+2.0 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
Scope: local bo
debian
CVE-2010-4831 | LOW | CVSS 6.9 | 2010
CVE-2010-4831 [MEDIUM] gtk+2.0 - Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2010-4833 | LOW | CVSS 6.9 | 2010
CVE-2010-4833 [MEDIUM] gtk+2.0 - Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2009-0848 | LOW | CVSS 4.4 | 2009
CVE-2009-0848 [MEDIUM] gtk+2.0 - Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2007-0010 | LOW | CVSS 2.1 | PoC | fixed in gtk+2.0 2.8.20-5 (bookworm) | 2007
CVE-2007-0010 [LOW] gtk+2.0 - The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
Scope: local
bookworm: resolved (fixed in 2.8.20-5); bullseye: resolved (fixed in 2.8.20-5); forky: resolved (fixed in 2.8.20-5); sid: resolved (fixed in 2.8.20-5); trixie: resolved (fixed in 2
debian
CVE-2005-0891 | HIGH | CVSS 7.5 | fixed in gdk-pixbuf 0.22.0-7.1 (bookworm) | 2005
CVE-2005-0891 [HIGH] gdk-pixbuf - Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
Scope: local
bookworm: resolved (fixed in 0.22.0-7.1); bullseye: resolved (fixed in 0.22.0-7.1); forky: resolved (fixed in 0.22.0-7.1); sid: resolved (fixed in 0.22.0-7.1); trixie: resolved (fixed in 0.22.0-7.1)
debian
CVE-2005-3186 | MEDIUM | CVSS 7.5 | fixed in gdk-pixbuf 0.22.0-11 (bookworm) | 2005
CVE-2005-3186 [HIGH] gdk-pixbuf - Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.22.0-11); bullseye: resolved (fixed in 0.22.0-11); forky: resolved
debian
CVE-2005-2976 | MEDIUM | CVSS 7.5 | fixed in gdk-pixbuf 0.22.0-11 (bookworm) | 2005
CVE-2005-2976 [HIGH] gdk-pixbuf - Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.
Scope: local
bookworm: resolved (fixed in 0.22.0-11); bullseye: resolved (fixed in 0.22.0-11); forky: resolved
debian
CVE-2005-2975 | LOW | CVSS 7.8 | fixed in gdk-pixbuf 0.22.0-11 (bookworm) | 2005
CVE-2005-2975 [HIGH] gdk-pixbuf - io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
Scope: local
bookworm: resolved (fixed in 0.22.0-11); bullseye: resolved (fixed in 0.22.0-11); forky: resolved (fixed in 0.22.0-11); sid: resolved (fixed in 0.22.0-11); trixie: r
debian
CVE-2004-0782 | HIGH | CVSS 7.5 | fixed in gdk-pixbuf 0.22.0-7 (bookworm) | 2004
CVE-2004-0782 [HIGH] gdk-pixbuf - Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different
debian
CVE-2004-0783 | HIGH | CVSS 7.5 | fixed in gtk+2.0 2.4.9-2 (bookworm) | 2004
CVE-2004-0783 [HIGH] gtk+2.0 - Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
Scope: local book
debian
CVE-2004-0788 | MEDIUM | CVSS 5.0 | fixed in gdk-pixbuf 0.22.0-7 (bookworm) | 2004
CVE-2004-0788 [MEDIUM] gdk-pixbuf - Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.
Scope: local
bookworm: resolved (fixed in 0.22.0-7); bullseye: resolved (fixed in 0.22.0-7); forky: resolved (fixed in 0.22.0-7); sid: resolved (fixed in 0.22.0-7); trixie:
debian