CVE-2013-1978

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 12-12-2013 07:55

Last modified: - 07-02-2022 08:09

Total changes: - 2

Description

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

AND

vendor=gimp AND product=gimp AND versionEndIncluding=2.6.9

vendor=gnome AND product=glib AND versionEndIncluding=2.24.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6.0

Reference

RHSA-2013:1778-Third Party Advisory, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=953902
64098-Broken Link, VDB Entry
GLSA-201603-01-Third Party Advisory
USN-2051-1-Third Party Advisory
DSA-2813-Third Party Advisory

Keywords

CVE-2013-1978

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2013-1978

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures