Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-2370
Last Modified 14 Jan 2013 11:30:12
Published 13 Aug 2012 04:55:03
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2370

Summary

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Gnome Gdk-pixbuf 2.23.3

  • Gnome Gdk-pixbuf 2.23.4

  • Gnome Gdk-pixbuf 2.23.5

  • Gnome Gdk-pixbuf 2.24.0

  • Gnome Gdk-pixbuf 2.24.1

  • Gnome Gdk-pixbuf 2.25.0

  • Gnome Gdk-pixbuf 2.25.2

  • Gnome Gdk-pixbuf 2.26.0


References

MISC - https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150

XF - gdkpixbuf-readbitmapfiledata-bo(75578)

MLIST - [oss-security] 20120515 Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader

MLIST - [oss-security] 20120515 CVE Request: gdk-pixbuf Integer overflow in XBM file loader

GENTOO - GLSA-201206-20

SECUNIA - 49715

SECUNIA - 49125

CONFIRM - http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516

CONFIRM - http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22

MISC - http://git.gnome.org/browse/gdk-pixbuf/

BID - 53548

REDHAT - RHSA-2013:0135

Related Patches

Red Hat 2013:0135-01 RHSA Low: gtk2 security and bug fix update for RHEL 5 x86

Novell SUSE 2012:6367 gdk-pixbuf security update for SLED 11 SP1 i586

Novell SUSE 2012:6367 gdk-pixbuf security update for SLED 11 SP1 x86_64

Novell SUSE 2012:6389 gtk2 security update for SLE 11 SP1 i586

Novell SUSE 2012:6389 gtk2 security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6390 gtk2 security update for SLE 11 SP2 i586

Novell SUSE 2012:6390 gtk2 security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8158 gdk-pixbuf security update for SLE 10 SP4 i586

Novell SUSE 2012:8158 gdk-pixbuf security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8174 gtk2 security update for SLE 10 SP4 i586

Novell SUSE 2012:8174 gtk2 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:51:40