CVE-2012-3403

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 25-08-2012 12:29

Last modified: - 07-02-2022 07:46

Total changes: - 2

Description

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND versionEndIncluding=2.8.0

Reference

RHSA-2012:1180-Third Party Advisory
RHSA-2012:1181-Third Party Advisory
1027411-Broken Link, Third Party Advisory, VDB Entry
55101-Broken Link, Third Party Advisory, VDB Entry
[oss-security] 20120820 The Gimp CEL plug-in CVE-2012-3403 issue-Mailing List, Third Party Advisory
50296-Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=839020
SUSE-SU-2012:1029-Third Party Advisory
openSUSE-SU-2012:1080-Third Party Advisory
USN-1559-1-Third Party Advisory
MDVSA-2012:142-Broken Link
MDVSA-2013:082-Broken Link

Keywords

CVE-2012-3403

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-3403

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures