ID CVE-2012-4433
Summary Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • GEGL (Generic Graphics Library) 0.2.0
    cpe:2.3:a:gegl:gegl:0.2.0
CVSS
Base: 7.5 (as of 19-11-2012 - 15:26)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-12115.NASL
    description This update contains the following changes : - Fix buffer overflow in and add plausibility checks to the ppm-load operation. - Fix multi-lib issue where content of generated documentation could differ between architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 67338
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67338
    title Fedora 19 : gegl-0.2.0-11.fc19 (2013-12115)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-270-01.NASL
    description New gegl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2018-09-01
    modified 2017-09-28
    plugin id 103516
    published 2017-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103516
    title Slackware 14.0 / 14.1 / 14.2 / current : gegl (SSA:2017-270-01)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1455.NASL
    description Updated gegl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. GEGL (Generic Graphics Library) is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code. (CVE-2012-4433) This issue was discovered by Murray McAllister of the Red Hat Security Response Team. Users of gegl should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62910
    published 2012-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62910
    title CentOS 6 : gegl (CESA-2012:1455)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1455.NASL
    description From Red Hat Security Advisory 2012:1455 : Updated gegl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. GEGL (Generic Graphics Library) is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code. (CVE-2012-4433) This issue was discovered by Murray McAllister of the Red Hat Security Response Team. Users of gegl should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68655
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68655
    title Oracle Linux 6 : gegl (ELSA-2012-1455)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1455.NASL
    description Updated gegl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. GEGL (Generic Graphics Library) is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code. (CVE-2012-4433) This issue was discovered by Murray McAllister of the Red Hat Security Response Team. Users of gegl should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62897
    published 2012-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62897
    title RHEL 6 : gegl (RHSA-2012:1455)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-12075.NASL
    description This update contains the following changes : - Fix buffer overflow in and add plausibility checks to the ppm-load operation. - Fix multi-lib issue where content of generated documentation could differ between architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 67335
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67335
    title Fedora 17 : gegl-0.2.0-11.fc17 (2013-12075)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-12108.NASL
    description This update contains the following changes : - Fix buffer overflow in and add plausibility checks to the ppm-load operation. - Fix multi-lib issue where content of generated documentation could differ between architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 67337
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67337
    title Fedora 18 : gegl-0.2.0-11.fc18 (2013-12108)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0694-1.NASL
    description This update for gegl fixes the following issues: Security issue fixed : - Fix CVE-2012-4433: Fix buffer overflow in and add plausibility checks to ppm-load op (bsc#789835). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 97771
    published 2017-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97771
    title SUSE SLED12 Security Update : gegl (SUSE-SU-2017:0694-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-841.NASL
    description Fix integer overflow by parsing PPM image. (bnc#789835, CVE-2012-4433)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74835
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74835
    title openSUSE Security Update : gegl (openSUSE-SU-2012:1627-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-081.NASL
    description Updated gegl packages fix security vulnerability : An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code (CVE-2012-4433).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66095
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66095
    title Mandriva Linux Security Advisory : gegl (MDVSA-2013:081)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20121112_GEGL_ON_SL6_X.NASL
    description An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code. (CVE-2012-4433)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 62898
    published 2012-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62898
    title Scientific Linux Security Update : gegl on SL6.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201310-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201310-05 (GEGL: User-assisted execution of arbitrary code) Multiple integer overflows in GEGL may cause a heap-based buffer overflow. Impact : A remote attacker could entice a user to open a specially crafted PPM image using an application linked against GEGL, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70311
    published 2013-10-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70311
    title GLSA-201310-05 : GEGL: User-assisted execution of arbitrary code
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_GEGL_20130716.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow. (CVE-2012-4433)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80617
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80617
    title Oracle Solaris Third-Party Patch Update : gegl (multiple_integer_overflow_vulnerabilities_in)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-388.NASL
    description This update for gegl fixes the following issues : Security issue fixed : - Fix CVE-2012-4433: Fix buffer overflow in and add plausibility checks to ppm-load op (bsc#789835). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2017-03-28
    plugin id 99020
    published 2017-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99020
    title openSUSE Security Update : gegl (openSUSE-2017-388)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0696-1.NASL
    description This update for gegl fixes the following issues: Security issue fixed : - Fix CVE-2012-4433: Fix buffer overflow in and add plausibility checks to ppm-load op (bsc#789835). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 97773
    published 2017-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97773
    title SUSE SLED12 Security Update : gegl (SUSE-SU-2017:0696-1)
redhat via4
advisories
bugzilla
id 856300
title CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment gegl is earlier than 0:0.1.2-4.el6_3
        oval oval:com.redhat.rhsa:tst:20121455005
      • comment gegl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20121455006
    • AND
      • comment gegl-devel is earlier than 0:0.1.2-4.el6_3
        oval oval:com.redhat.rhsa:tst:20121455007
      • comment gegl-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20121455008
rhsa
id RHSA-2012:1455
released 2012-11-12
severity Moderate
title RHSA-2012:1455: gegl security update (Moderate)
rpms
  • gegl-0:0.1.2-4.el6_3
  • gegl-devel-0:0.1.2-4.el6_3
refmap via4
bid 56404
confirm
mandriva MDVSA-2013:081
misc https://bugzilla.redhat.com/show_bug.cgi?id=856300
mlist [oss-security] 20121106 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
sectrack 1027754
secunia
  • 51114
  • 51274
suse openSUSE-SU-2013:0159
xf gegl-ppm-bo(79822)
Last major update 05-12-2013 - 00:17
Published 18-11-2012 - 18:55
Last modified 28-08-2017 - 21:32