Vulnerability in Gnome Gtk

CVE-2010-0732

gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proxim…

Vulnerability class: Race Condition

EPSS: 0.000 (12.8th percentile) — read the EPSS interpretation.

Affected products

Gnome Gtk
Gnome Screensaver
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
SUSE-SR:2010:008 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
39317 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
secalert@redhat.com (x_refsource_MISC, Third Party Advisory)
MDVSA-2010:109 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
[oss-security] 20100212 CVE Request: gnome-screensaver termination by pressing "Enter" (mailing-list, x_refsource_MLIST, Mailing List)
[oss-security] 20100305 Re: CVE Request: gnome-screensaver termination by pressing "Enter" (mailing-list, x_refsource_MLIST, Patch, Mailing List)