CVE-2012-2370
Published 2012-08-13
CVE-2012-2370: Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service…
Priority P4 · 23 · medium · 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.10% (89.5th percentile)
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.26.1-1 (bookworm) | gdk-pixbuf 2.26.1-1 (bookworm) |
| gnome | gdk-pixbuf | <= 2.26.0 | — |
| gnome | gdk-pixbuf | >= 0 < 2.26.1-1 | 2.26.1-1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
GHSA
GHSA-pw9j-x6mr-ph3r: Multiple integer overflows in the read_bitmap_file_data function in io-xbm
ghsa_unreviewed · 2022-05-17 · MEDIUM
OSV
CVE-2012-2370: Multiple integer overflows in the read_bitmap_file_data function in io-xbm
osv · 2012-08-13 · CVSS 5.0 · MEDIUM
Red Hat
gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader
vendor_redhat · 2012-03-25 · CVSS 5.0 · MEDIUM · CWE-190
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: gdk-pixbuf (Red Hat Enterprise Linux 5) - Affected
Package: gtk2 (Red Hat Enterprise Linux 6) - Will not
Debian
CVE-2012-2370: gdk-pixbuf - Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in ...
vendor_debian · 2012 · CVSS 5.0 · MEDIUM
Scope: local
bookworm: resolved (fixed in 2.26.1-1)
bullseye: resolved (fixed in 2.26.1-1)
forky: resolved (fixed in 2.26.1-1)
sid: resolved (fixed in 2.26.1-1)
trixie: resolved (fixed in 2.26.1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-2370 gdk-pixbuf, gdk-pixbuf2: Integer overflow in the XBM image file format loader [fedora-all]
bugzilla · 2012-05-17 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.or
Bugzilla
CVE-2012-2370 gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader
bugzilla · 2012-05-17 · CVSS 5.0 · MEDIUM
An integer overflow flaw was found in the way X BitMap (XBM) image file format loader of gdk-pixbuf, an image loading library used with GNOME, used to read bitmap file data for certain images. A remote attacker could provide a specially-crafted XBM image file, which once loaded in an application linked against gdk-pixbuf, would lead to that application termination (GLib error and application abort).
Upstream bug report:
[1] https://bugzilla.gnome.org/show_bug.cgi?id=672811
Relevant patch:
[2] http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22
CVE request:
[3] http://www.openwall.com/lists/oss-security/2012/05/15/8
Refer
References
http://git.gnome.org/browse/gdk-pixbuf/
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516
http://rhn.redhat.com/errata/RHSA-2013-0135.html
http://secunia.com/advisories/49125
http://secunia.com/advisories/49715
http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml
http://www.openwall.com/lists/oss-security/2012/05/15/8
http://www.openwall.com/lists/oss-security/2012/05/15/9
http://www.securityfocus.com/bid/53548
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150
https://exchange.xforce.ibmcloud.com/vulnerabilities/75578
Published: 2012-08-13