Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-3402
Last Modified: 14 May 2013 11:27:49
Published: 25 Aug 2012 06:29:49
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3402

Summary

Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.

Vulnerable Systems

Application

  • Gimp 2.0

  • Gimp 2.2

  • Gimp 2.2.13


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=838941

MISC - https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff

SECTRACK - 1027411

MLIST - [oss-security] 20120820 The Gimp PSD plug-in CVE-2012-3402 issue

REDHAT - RHSA-2012:1181

GENTOO - GLSA-201209-23

SECUNIA - 50737

Related Patches

Red Hat 2012:1181-01 RHSA Moderate: gimp security update for RHEL 5 x86

Red Hat 2012:1181-01 RHSA Moderate: gimp security update for RHEL 5 x86_64

Novell SUSE 2012:8251 gimp security update for SLED 10 SP4 i586

Novell SUSE 2012:8251 gimp security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:19