ID CVE-2012-4433
Summary Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
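The bug class behind this entry, shown as an added example that is not GEGL's code and does not reproduce operations/external/ppm-load.c: a minimal P6 (binary) PPM header parser, the unchecked raster-size computation that wraps for large width or height values, and a hardened variant beside it. The struct and function names, the 65535 dimension cap and the constructed sample headers are assumptions made for illustration; the unchecked variant multiplies in 32-bit arithmetic to make the wrap visible on any platform.

```c
/* Added example (not GEGL's code): PPM header parsing with the
 * CVE-2012-4433 bug class and a hardened size computation beside it. */
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PPM_CHANNELS 3u
#define PPM_MAX_DIM  65535u   /* assumed policy cap for this example */

typedef struct {
    unsigned long width, height, maxval;
    size_t data_offset;       /* first raster byte within the input buffer */
} ppm_header;

/* Skip whitespace and '#' comments, which the PPM header format allows. */
static size_t skip_ws(const char *buf, size_t len, size_t pos) {
    while (pos < len) {
        if (buf[pos] == '#') { while (pos < len && buf[pos] != '\n') pos++; }
        else if (isspace((unsigned char)buf[pos])) pos++;
        else break;
    }
    return pos;
}

/* Read one decimal header field; rejects non-digits and values beyond ULONG_MAX. */
static bool read_field(const char *buf, size_t len, size_t *pos, unsigned long *out) {
    size_t p = skip_ws(buf, len, *pos);
    unsigned long v = 0;
    if (p >= len || !isdigit((unsigned char)buf[p])) return false;
    for (; p < len && isdigit((unsigned char)buf[p]); p++) {
        unsigned long d = (unsigned long)(buf[p] - '0');
        if (v > (ULONG_MAX - d) / 10) return false;      /* decimal overflow */
        v = v * 10 + d;
    }
    *pos = p; *out = v;
    return true;
}

/* Parse "P6 <width> <height> <maxval>" followed by a single whitespace byte. */
bool ppm_parse_header(const char *buf, size_t len, ppm_header *h) {
    size_t pos = 2;
    if (len < 2 || buf[0] != 'P' || buf[1] != '6') return false;
    if (!read_field(buf, len, &pos, &h->width))  return false;
    if (!read_field(buf, len, &pos, &h->height)) return false;
    if (!read_field(buf, len, &pos, &h->maxval)) return false;
    if (pos >= len || !isspace((unsigned char)buf[pos])) return false;
    h->data_offset = pos + 1;
    return true;
}

/* VULNERABLE pattern (CVE-2012-4433 bug class): width*height*3 computed in
 * 32-bit arithmetic wraps, so a far too small heap block gets requested and
 * the raster copy that follows overruns it. */
uint32_t ppm_raster_size_unchecked(const ppm_header *h) {
    uint32_t w = (uint32_t)h->width, hgt = (uint32_t)h->height;
    return w * hgt * PPM_CHANNELS;               /* wraps modulo 2^32 */
}

/* HARDENED: bound each dimension, then multiply with explicit overflow checks. */
bool ppm_raster_size_checked(const ppm_header *h, size_t *out) {
    size_t n, bps;
    if (h->width == 0 || h->height == 0 || h->maxval == 0 || h->maxval > 65535) return false;
    if (h->width > PPM_MAX_DIM || h->height > PPM_MAX_DIM) return false;
    bps = h->maxval > 255 ? 2 : 1;               /* bytes per sample */
    n = h->width;
    if (n > SIZE_MAX / h->height) return false;
    n *= h->height;
    if (n > SIZE_MAX / (PPM_CHANNELS * bps)) return false;
    *out = n * PPM_CHANNELS * bps;
    return true;
}

/* Full hardened load: header, checked size, enough input bytes, then copy. */
unsigned char *ppm_load(const char *buf, size_t len, size_t *raster_len) {
    ppm_header h; size_t n; unsigned char *px;
    if (!ppm_parse_header(buf, len, &h)) return NULL;
    if (!ppm_raster_size_checked(&h, &n)) return NULL;
    if (len - h.data_offset < n) return NULL;     /* truncated raster */
    if (!(px = malloc(n))) return NULL;
    memcpy(px, buf + h.data_offset, n);
    *raster_len = n;
    return px;
}

/* Constructed sample inputs (not real files). */
static const char SAMPLE_OK[]    = "P6\n# 2x2 constructed image\n2 2\n255\nRGBRGBRGBRGB";
static const char SAMPLE_HUGE[]  = "P6\n65536 21846\n255\n";   /* true raster: 4295098368 bytes */
static const char SAMPLE_SHORT[] = "P6\n2 2\n255\nRGB";
#define SLEN(s) (sizeof(s) - 1)

/* Helpers exercising the samples so results can be checked by value. */
uint32_t demo_wrapped_size(void) {
    ppm_header h;
    return ppm_parse_header(SAMPLE_HUGE, SLEN(SAMPLE_HUGE), &h) ? ppm_raster_size_unchecked(&h) : 0;
}
bool demo_huge_rejected(void) {
    ppm_header h; size_t n;
    return ppm_parse_header(SAMPLE_HUGE, SLEN(SAMPLE_HUGE), &h) && !ppm_raster_size_checked(&h, &n);
}
size_t demo_load_len(const char *buf, size_t len) {   /* 0 when the loader rejects */
    size_t n = 0;
    unsigned char *px = ppm_load(buf, len, &n);
    if (!px) return 0;
    free(px);
    return n;
}

int main(void) {
    printf("unchecked size for 65536x21846: %u bytes\n", demo_wrapped_size());
    printf("checked size rejects it: %s\n", demo_huge_rejected() ? "yes" : "no");
    printf("2x2 sample raster bytes: %zu\n", demo_load_len(SAMPLE_OK, SLEN(SAMPLE_OK)));
    printf("truncated sample raster bytes: %zu\n", demo_load_len(SAMPLE_SHORT, SLEN(SAMPLE_SHORT)));
    return 0;
}
```

For the constructed 65536x21846 header the unchecked product is 4295098368, which wraps to 131072 in 32 bits: a 128 KiB allocation for a 4 GiB raster, which is the heap overflow the summary describes. The hardened path rejects the header before any allocation, and also refuses a raster the input cannot actually supply, so a truncated file fails closed instead of reading past the buffer.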
Vulnerable Configurations
  • cpe:2.3:a:gegl:gegl:0.2.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 29-08-2017 - 01:32)
CWE CWE-189 (Numeric Errors)
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 856300
title CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment gegl is earlier than 0:0.1.2-4.el6_3
        oval oval:com.redhat.rhsa:tst:20121455005
      • comment gegl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20121455006
    • AND
      • comment gegl-devel is earlier than 0:0.1.2-4.el6_3
        oval oval:com.redhat.rhsa:tst:20121455007
      • comment gegl-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20121455008
rhsa
id RHSA-2012:1455
released 2012-11-12
severity Moderate
title RHSA-2012:1455: gegl security update (Moderate)
rpms
  • gegl-0:0.1.2-4.el6_3
  • gegl-devel-0:0.1.2-4.el6_3
refmap via4
bid 56404
mandriva MDVSA-2013:081
misc https://bugzilla.redhat.com/show_bug.cgi?id=856300
mlist [oss-security] 20121106 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
sectrack 1027754
secunia
  • 51114
  • 51274
suse openSUSE-SU-2013:0159
xf gegl-ppm-bo(79822)
Last major update 29-08-2017 - 01:32
Published 18-11-2012 - 23:55