PT-2012-1071 · Gnu+3 · Gimp+3

Murray Mcallister · Published 2012-08-20 · Updated 2023-02-13 · CVE-2012-3403

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GIMP versions 2.6.9 and earlier
GIMP versions 2.8.x and earlier

Description

This entry covers multiple vulnerabilities in the GIMP package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A heap-based buffer overflow in the KiSS CEL file format plug-in allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file.

Recommendations

For GIMP versions 2.6.9 and earlier and for GIMP versions 2.8.x and earlier, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the KiSS CEL file format plug-in until a patch is available.

Exploit

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2015-06186
BDU:2015-06188
BDU:2015-06189
BDU:2015-06190
BDU:2015-06191
BDU:2015-06192
BDU:2015-08769
BDU:2015-08770
BDU:2015-08771
BDU:2015-08772
BDU:2015-08773
BDU:2015-08774
CESA-2012_1180
CVE-2012-3403
OPENSUSE-SU-2012_1080-1
RHSA-2012:1180
RHSA-2012:1181
RHSA-2012_1180
RHSA-2012_1181
SUSE-SU-2012_1027-1
SUSE-SU-2012_1029-1

Affected Products

Centos
Gimp
Red Hat
Suse