CVE-2012-3481

Name of the Vulnerable Software and Affected Versions gimp-libs version 2.6.9 gimp-devel-tools version 2.6.9 gimp-help-browser version 2.6.9 gimp-devel version 2.6.9 gimp-debuginfo version 2.6.9 gimp version 2.6.9 gimp version 2.8.x and earlier

Description The issue concerns multiple vulnerabilities in the GIMP software package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code. Specifically, an integer overflow in the ReadImage function in the GIF image format plug-in can trigger a heap-based buffer overflow via crafted height and len properties in a GIF image file.

Recommendations For gimp-libs version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-devel-tools version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-help-browser version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-devel version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-debuginfo version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp version 2.8.x and earlier, consider updating to a version later than 2.8.x to mitigate the risk. As a temporary workaround, consider restricting the use of the GIF image format plug-in until a patch is available.