Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3403

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-3403
Last Modified 05 Dec 2013 12:15:37
Published 25 Aug 2012 06:29:49
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3403

Summary

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

Vulnerable Systems

Application

  • Gimp 2.2

  • Gimp 2.2.14

  • Gimp 2.4.0

  • Gimp 2.4.1

  • Gimp 2.4.2

  • Gimp 2.4.3

  • Gimp 2.4.4

  • Gimp 2.4.5

  • Gimp 2.4.6

  • Gimp 2.4.7

  • Gimp 2.6.0

  • Gimp 2.6.1

  • Gimp 2.6.10

  • Gimp 2.6.11

  • Gimp 2.6.12

  • Gimp 2.6.13

  • Gimp 2.6.2

  • Gimp 2.6.3

  • Gimp 2.6.4

  • Gimp 2.6.5

  • Gimp 2.6.6

  • Gimp 2.6.7

  • Gimp 2.6.8

  • Gimp 2.6.9

  • Gimp 2.8.0

  • Gimp 2.8.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=839020

SECTRACK - 1027411

BID - 55101

MLIST - [oss-security] 20120820 The Gimp CEL plug-in CVE-2012-3403 issue

SECUNIA - 50296

REDHAT - RHSA-2012:1181

REDHAT - RHSA-2012:1180

SUSE - openSUSE-SU-2012:1080

SUSE - SUSE-SU-2012:1029

UBUNTU - USN-1559-1

MANDRIVA - MDVSA-2012:142

MANDRIVA - MDVSA-2013:082

Related Patches

Red Hat 2012:1181-01 RHSA Moderate: gimp security update for RHEL 5 x86

Red Hat 2012:1181-01 RHSA Moderate: gimp security update for RHEL 5 x86_64

Novell SUSE 2012:6683 gimp security update for SLED 11 SP1 i586

Novell SUSE 2012:6683 gimp security update for SLED 11 SP1 x86_64

Novell SUSE 2012:8251 gimp security update for SLED 10 SP4 i586

Novell SUSE 2012:8251 gimp security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:32