---
gem: gtk2
cve: 2007-6183
osvdb: 40774
url: http://osvdb.org/show/osvdb/40774
title:
  Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new() Function
  Format String 
date: 2007-11-27

description: |
  Format string vulnerability in the mdiag_initialize function in
  gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and
  SVN versions before 20071127, allows context-dependent attackers to execute
  arbitrary code via format string specifiers in the message parameter.

cvss_v2: 6.8

patched_versions:
  - "> 0.16.0"