RubySec

Providing security resources for the Ruby community

CVE-2007-6183 (gtk2): CVE-2007-6183 ruby-gnome2: format string vulnerability

ADVISORIES

GEM

gtk2

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

  • > 0.16.0

DESCRIPTION

Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.