CVE-2012-4433
published 2012-11-18CVE-2012-4433: Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
13.26%
95.9th percentile
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gegl | < gegl 0.2.0-2+nmu1 (bookworm) | gegl 0.2.0-2+nmu1 (bookworm) |
| gegl | gegl | — | — |
| gegl | gegl | >= 0 < 0.2.0-2+nmu1 | 0.2.0-2+nmu1 |
| gegl | gegl | >= 0 < 0.2.0-2+nmu1 | 0.2.0-2+nmu1 |
| gegl | gegl | >= 0 < 0.2.0-2+nmu1 | 0.2.0-2+nmu1 |
| gegl | gegl | >= 0 < 0.2.0-2+nmu1 | 0.2.0-2+nmu1 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5fq4-p47w-gx8m: Multiple integer overflows in operations/external/ppm-load
ghsa_unreviewed·2022-05-17
CVE-2012-4433 [HIGH] GHSA-5fq4-p47w-gx8m: Multiple integer overflows in operations/external/ppm-load
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
OSV
CVE-2012-4433: Multiple integer overflows in operations/external/ppm-load
osv·2012-11-18·CVSS 7.5
CVE-2012-4433 [HIGH] CVE-2012-4433: Multiple integer overflows in operations/external/ppm-load
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Red Hat
gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
vendor_redhat·2012-11-05·CVSS 7.5
CVE-2012-4433 [HIGH] CWE-190 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Package: gegl (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2012-4433: gegl - Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Gr...
vendor_debian·2012·CVSS 7.5
CVE-2012-4433 [HIGH] CVE-2012-4433: gegl - Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Gr...
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.2.0-2+nmu1)
bullseye: resolved (fixed in 0.2.0-2+nmu1)
forky: resolved (fixed in 0.2.0-2+nmu1)
sid: resolved (fixed in 0.2.0-2+nmu1)
trixie: resolved (fixed in 0.2.0-2+nmu1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers [fedora-all]
bugzilla·2012-11-05·CVSS 7.5
CVE-2012-4433 [HIGH] CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers [fedora-all]
CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when
Bugzilla
CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
bugzilla·2012-09-11·CVSS 7.5
CVE-2012-4433 [HIGH] CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
CVE-2012-4433 gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
An integer overflow, leading to heap-based buffer overflow was found in the way portable pixmap format (PPM) image file format handler of GEGL, a graph based image processing framework, processed certain input PPM image file headers. A remote attacker could provide a specially-crafted PPM image that when opened in gegl executable would lead to crash, or, potentially arbitrary code execution with the privileges of the user running the binary.
This issue was found by Murray McAllister, Red Hat Security Response Team.
Discussion:
This issue affects the version of the gegl package, as shipped with Red Hat Enterprise Linux 6.
--
This issue affects the versions of the gegl package, as s
http://git.gnome.org/browse/gegl/commit/?id=1e92e5235ded0415d555aa86066b8e4041ee5a53http://git.gnome.org/browse/gegl/commit/?id=4757cdf73d3675478d645a3ec8250ba02168a230http://lists.opensuse.org/opensuse-updates/2013-01/msg00054.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1455.htmlhttp://secunia.com/advisories/51114http://secunia.com/advisories/51274http://www.mandriva.com/security/advisories?name=MDVSA-2013:081http://www.openwall.com/lists/oss-security/2012/11/06/1http://www.securityfocus.com/bid/56404http://www.securitytracker.com/id?1027754https://bugzilla.redhat.com/show_bug.cgi?id=856300https://exchange.xforce.ibmcloud.com/vulnerabilities/79822http://git.gnome.org/browse/gegl/commit/?id=1e92e5235ded0415d555aa86066b8e4041ee5a53http://git.gnome.org/browse/gegl/commit/?id=4757cdf73d3675478d645a3ec8250ba02168a230http://lists.opensuse.org/opensuse-updates/2013-01/msg00054.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1455.htmlhttp://secunia.com/advisories/51114http://secunia.com/advisories/51274http://www.mandriva.com/security/advisories?name=MDVSA-2013:081http://www.openwall.com/lists/oss-security/2012/11/06/1http://www.securityfocus.com/bid/56404http://www.securitytracker.com/id?1027754https://bugzilla.redhat.com/show_bug.cgi?id=856300https://exchange.xforce.ibmcloud.com/vulnerabilities/79822
2012-11-18
Published