PT-2012-1093 · Gnome+4 · Gegl+4
Jan Lieskovsky +1 · Published 2012-11-12 · Updated 2024-06-15
CVE-2012-4433
CVSS v2.0: 7.5 (High), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GEGL versions 0.1.2 through 0.2.0
GEGL version 0.1.2
Description
The issue affects the GEGL library's Portable Pixel Map (PPM) loader: a large width or height value in a PPM image triggers a heap-based buffer overflow, allowing remote attackers to cause a denial of service or possibly execute arbitrary code. The vulnerability can lead to a disruption of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely, since the trigger is a crafted image file processed by the library.
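The defensive pattern that closes this class of bug is to bound the image dimensions and check the size arithmetic before any heap allocation is sized from them. The following is an added, hypothetical P6 loader written for this page, not GEGL's ppm-load.c; the dimension limit PPM_MAX_DIM is an assumed policy value and the parser ignores PPM comment lines for brevity.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PPM_MAX_DIM 16384UL   /* assumed policy limit; not a GEGL value */

/* Pixel bytes a binary PPM ("P6") with these header values needs, or 0 if they
 * are invalid, over the limit, or would wrap size_t. The unsafe pattern is
 * sizing the heap buffer from width*height with no such bound. */
size_t ppm_pixel_bytes(unsigned long w, unsigned long h, unsigned long maxval)
{
    if (w == 0 || h == 0 || maxval == 0 || maxval > 65535)
        return 0;
    if (w > PPM_MAX_DIM || h > PPM_MAX_DIM)
        return 0;
    size_t per_px = 3 * (maxval > 255 ? 2 : 1);  /* RGB, 1 or 2 bytes per channel */
    if ((size_t)w > SIZE_MAX / h)
        return 0;                                /* w*h would wrap */
    size_t px = (size_t)w * h;
    if (px > SIZE_MAX / per_px)
        return 0;                                /* px*per_px would wrap */
    return px * per_px;
}

/* Parse a P6 header (no '#' comments here), confirm the blob really holds the
 * advertised pixel bytes, and only then allocate and copy. NULL on any error. */
unsigned char *ppm_load_checked(const unsigned char *data, size_t len, size_t *out)
{
    char hdr[64];                                /* NUL-terminated copy for sscanf */
    size_t n = len < sizeof hdr - 1 ? len : sizeof hdr - 1;
    memcpy(hdr, data, n);
    hdr[n] = '\0';
    unsigned long w, h, maxval;
    int consumed = 0;
    if (sscanf(hdr, "P6 %lu %lu %lu%n", &w, &h, &maxval, &consumed) != 3)
        return NULL;
    size_t need = ppm_pixel_bytes(w, h, maxval);
    size_t start = (size_t)consumed + 1;         /* one whitespace byte ends the header */
    if (need == 0 || start > len || len - start < need)
        return NULL;                             /* bad dimensions or truncated data */
    unsigned char *px = malloc(need);
    if (px != NULL)
        memcpy(px, data + start, need);
    if (out != NULL)
        *out = need;
    return px;
}
```

A loader built this way rejects a header claiming 4294967295 x 4294967295 pixels before any allocation happens, and refuses a file whose body is shorter than the header promises instead of reading past it.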
Recommendations
For GEGL version 0.1.2, consider disabling the use of Portable Pixel Map images until a patch is available.
For GEGL version 0.1.2, restrict access to the operations/external/ppm-load.c module to minimize the risk of exploitation.
For GEGL version 0.2.0, avoid using large width or height values in Portable Pixel Map images until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Affected Products
ALT Linux
CentOS
GEGL
Red Hat
SUSE