CVE-2012-3481

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 25-08-2012 12:29

Last modified: - 07-02-2022 07:48

Total changes: - 2

Description

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND versionEndIncluding=2.8.0

Reference

50296-Broken Link
55101-Third Party Advisory, VDB Entry
1027411-Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=847303
RHSA-2012:1180-Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=776572
[oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue-Mailing List, Third Party Advisory
RHSA-2012:1181-Third Party Advisory
SUSE-SU-2012:1038-Third Party Advisory
openSUSE-SU-2012:1080-Third Party Advisory
USN-1559-1-Third Party Advisory
openSUSE-SU-2012:1131-Third Party Advisory
MDVSA-2012:142-Broken Link
MDVSA-2013:082-Broken Link

Keywords

CVE-2012-3481

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2012-3481

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures