ruby-gnome2

• Author: voroskoi
• Vulnerable: 0.16.0-3
• Unaffected: 0.16.0-4sayshell1

Chris Rohlf has reported a vulnerability in Ruby-GNOME2, which can potentially be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a format string error within the “Gtk::MessageDialog.new()” method in gtk/src/rbgtkmessagedialog.c and can potentially be exploited to execute arbitrary code when a specially crafted string is passed to the affected function. NOTE: Exploitation and impact of this vulnerability depend on how an application uses the affected function of the vulnerable library.

• Bug Tracker URL: http://bugs.frugalware.org/task/2650

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6183