exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2012-3481

Status Candidate

Overview

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Related Files

Gentoo Linux Security Advisory 201311-05
Posted Nov 11, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-5 - Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code. Versions less than 2.8.2-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3403, CVE-2012-3481, CVE-2012-5576
SHA-256 | 6027eff1e8bb15ee68e35cb814bc51fa21d963ae32867db42a12f347a935c593
Mandriva Linux Security Advisory 2013-082
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-3481, CVE-2012-3403, CVE-2012-3236, CVE-2012-5576
SHA-256 | 5eaae2aec299f35149b65e15fa71b0de901e1c8a4e1982ea1ee6034c3c19b62e
Ubuntu Security Notice USN-1559-1
Posted Sep 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1559-1 - Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3236, CVE-2012-3403, CVE-2012-3481, CVE-2012-3236, CVE-2012-3403, CVE-2012-3481
SHA-256 | 424758cfe93d12a6c3cbc07557e8d64b2fd4af1f52d8a7be6d7a538b7429cd20
Mandriva Linux Security Advisory 2012-142
Posted Aug 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-142 - A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially-crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable. Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP's GIF image file plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. The updated gimp packages have been upgraded to the 2.6.12 version and patched to correct these issues. Additionally for Mandriva Enterprise server 5 the gegl packages was upgraded to the 0.0.22 version and rebuilt for ffmpeg 0.5.9, the enscript packages was added because of a build dependency, the gutenprint and mtink packages was rebuilt against the gimp 2.6.12 libraries.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3403, CVE-2012-3481
SHA-256 | aec214e418fa063224a016dcb76fa86d1ca6e8c1157010ee36b64648e14af80d
Red Hat Security Advisory 2012-1180-01
Posted Aug 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-2896, CVE-2012-3403, CVE-2012-3481
SHA-256 | 5fe242f87bec9fe61d0273ef28381208c2155f5a6a03b6ffdb51a02ab7105d57
Red Hat Security Advisory 2012-1181-01
Posted Aug 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-3909, CVE-2011-2896, CVE-2012-3402, CVE-2012-3403, CVE-2012-3481
SHA-256 | d07a668d4092b975d010a7e8cabb42339fa978256fe5994567236ee4a082550a
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close