ID CVE-2012-2370
Summary Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.23.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.25.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gdk-pixbuf:2.22.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 822468
title CVE-2012-2370 gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment gtk2 is earlier than 0:2.10.4-29.el5
        oval oval:com.redhat.rhsa:tst:20130135002
      • comment gtk2 is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20130135003
    • AND
      • comment gtk2-devel is earlier than 0:2.10.4-29.el5
        oval oval:com.redhat.rhsa:tst:20130135004
      • comment gtk2-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20130135005
rhsa
id RHSA-2013:0135
released 2013-01-08
severity Low
title RHSA-2013:0135: gtk2 security and bug fix update (Low)
rpms
  • gtk2-0:2.10.4-29.el5
  • gtk2-devel-0:2.10.4-29.el5
refmap via4
bid 53548
confirm
gentoo GLSA-201206-20
misc
mlist
  • [oss-security] 20120515 CVE Request: gdk-pixbuf Integer overflow in XBM file loader
  • [oss-security] 20120515 Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader
secunia
  • 49125
  • 49715
xf gdkpixbuf-readbitmapfiledata-bo(75578)
vulnerable_product via4
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.23.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gdk-pixbuf:2.22.1:*:*:*:*:*:*:*
Last major update 29-08-2017 - 01:31
Published 13-08-2012 - 20:55
Back to Top