CVE-2012-2370 — Integer Overflow or Wraparound in Gdk-pixbuf

CWE-189 CWE-190 — Integer Overflow or Wraparound9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

2.3%

top 15.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gdk-pixbuf

Timeline

PublishedAug 13

Latest updateMay 17

Description

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiangnome/gdk-pixbuf< 2.26.1-1+3

▶NVDgnome/gdk-pixbuf2.26.0+7

Patches

Patch: git.gnome.org ↗Patch: git.gnome.org ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-pw9j-x6mr-ph3r: Multiple integer overflows in the read_bitmap_file_data function in io-xbm↗2022-05-17

▶

OSV

CVE-2012-2370: Multiple integer overflows in the read_bitmap_file_data function in io-xbm↗2012-08-13

▶

CVEList

CVE-2012-2370: Multiple integer overflows in the read_bitmap_file_data function in io-xbm↗2012-08-13

▶

📋Vendor Advisories

Red Hat

gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader↗2012-03-25

▶

Debian

CVE-2012-2370: gdk-pixbuf - Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in ...↗2012

▶

💬Community

Bugzilla

CVE-2012-2370 gdk-pixbuf, gdk-pixbuf2: Integer overflow in the XBM image file format loader [fedora-all]↗2012-05-17

▶

Bugzilla

CVE-2012-2370 gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader↗2012-05-17

▶

Bugzilla

CVE-2012-2370 gdk-pixbuf, gdk-pixbuf2: Integer overflow in the XBM image file format loader [fedora-all]↗2012-05-17

▶