CVE-2012-2370
published 2012-08-13

CVE-2012-2370: Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service…

Priority: P4 · 23
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.10% (89.5th percentile)
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.26.1-1 (bookworm) | gdk-pixbuf 2.26.1-1 (bookworm) |
| gnome | gdk-pixbuf | <= 2.26.0 | |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | | |
| gnome | gdk-pixbuf | >= 0 < 2.26.1-1 | 2.26.1-1 |
| gnome | gdk-pixbuf | >= 0 < 2.26.1-1 | 2.26.1-1 |
| gnome | gdk-pixbuf | >= 0 < 2.26.1-1 | 2.26.1-1 |
| gnome | gdk-pixbuf | >= 0 < 2.26.1-1 | 2.26.1-1 |

CVSS provenance

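| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | LOW | |
| vendor_redhat | | 5.0 | MEDIUM | |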