QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4433

Published: Nov 18, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=856300

x_refsource_MISC

http://git.gnome.org/browse/gegl/commit/?id=4757cdf73d3675478d645a3ec8250ba02168a230

x_refsource_CONFIRM

openSUSE-SU-2013:0159

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

http://git.gnome.org/browse/gegl/commit/?id=1e92e5235ded0415d555aa86066b8e4041ee5a53

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

gegl-ppm-bo(79822)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_MANDRIVA

[oss-security] 20121106 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.