Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-4433
Last Modified: 05 Dec 2013 12:17:44
Published: 18 Nov 2012 06:55:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4433

Summary

Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Gegl 0.2.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=856300

XF - gegl-ppm-bo(79822)

SECTRACK - 1027754

BID - 56404

MLIST - [oss-security] 20121106 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers

SECUNIA - 51274

SECUNIA - 51114

REDHAT - RHSA-2012:1455

CONFIRM - http://git.gnome.org/browse/gegl/commit/?id=4757cdf73d3675478d645a3ec8250ba02168a230

CONFIRM - http://git.gnome.org/browse/gegl/commit/?id=1e92e5235ded0415d555aa86066b8e4041ee5a53

SUSE - openSUSE-SU-2013:0159

MANDRIVA - MDVSA-2013:081


Last Updated: 27 May 2016 10:56:40