Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-3481
Last Modified 05 Dec 2013 12:15:49
Published 25 Aug 2012 06:29:51
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

Summary

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Gimp 2.2

  • Gimp 2.2.14

  • Gimp 2.4.0

  • Gimp 2.4.1

  • Gimp 2.4.2

  • Gimp 2.4.3

  • Gimp 2.4.4

  • Gimp 2.4.5

  • Gimp 2.4.6

  • Gimp 2.4.7

  • Gimp 2.6.0

  • Gimp 2.6.1

  • Gimp 2.6.10

  • Gimp 2.6.11

  • Gimp 2.6.12

  • Gimp 2.6.13

  • Gimp 2.6.2

  • Gimp 2.6.3

  • Gimp 2.6.4

  • Gimp 2.6.5

  • Gimp 2.6.6

  • Gimp 2.6.7

  • Gimp 2.6.8

  • Gimp 2.6.9

  • Gimp 2.8.0

  • Gimp 2.8.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=847303

MISC - https://bugzilla.novell.com/show_bug.cgi?id=776572

SECTRACK - 1027411

BID - 55101

MLIST - [oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue

SECUNIA - 50296

REDHAT - RHSA-2012:1181

REDHAT - RHSA-2012:1180

SUSE - openSUSE-SU-2012:1080

SUSE - SUSE-SU-2012:1038

UBUNTU - USN-1559-1

SUSE - openSUSE-SU-2012:1131

MANDRIVA - MDVSA-2012:142

MANDRIVA - MDVSA-2013:082

Related Patches

Red Hat 2012:1181-01 RHSA Moderate: gimp security update for RHEL 5 x86

Red Hat 2012:1181-01 RHSA Moderate: gimp security update for RHEL 5 x86_64

Novell SUSE 2012:6712 gimp security update for SLED 11 SP1 i586

Novell SUSE 2012:6712 gimp security update for SLED 11 SP1 x86_64

Novell SUSE 2012:8253 gimp security update for SLED 10 SP4 i586

Novell SUSE 2012:8253 gimp security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:32