CVE-2012-4433 — Integer Overflow or Wraparound in Gegl

CWE-189 CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

7.5HIGHNVD

EPSS

12.3%

top 6.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gegl Debian Gegl

Timeline

PublishedNov 18

Latest updateMay 17

Description

Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/gegl< gegl 0.2.0-2+nmu1 (bookworm)

▶Debiangegl/gegl< 0.2.0-2+nmu1+3

▶NVDgegl/gegl0.2.0

🔴Vulnerability Details

GHSA

GHSA-5fq4-p47w-gx8m: Multiple integer overflows in operations/external/ppm-load↗2022-05-17

▶

OSV

CVE-2012-4433: Multiple integer overflows in operations/external/ppm-load↗2012-11-18

▶

📋Vendor Advisories

Red Hat

gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers↗2012-11-05

▶

Debian

CVE-2012-4433: gegl - Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Gr...↗2012

▶

💬Community

Bugzilla

CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers [fedora-all]↗2012-11-05

▶

Bugzilla

CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers↗2012-09-11

▶