CVE-2013-1978 — Out-of-bounds Write in Gimp

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow9 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

3.4%

top 12.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gimp Redhat Enterprise Linux

Timeline

PublishedDec 12

Latest updateMay 13

Description

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debiangimp/gimp< 2.8.10-0.1+3

▶NVDgimp/gimp2.6.9

Also affects: Enterprise Linux 5.0, 6.0

🔴Vulnerability Details

GHSA

GHSA-m9mj-2mx7-5fr2: Heap-based buffer overflow in the read_xwd_cols function in file-xwd↗2022-05-13

▶

CVEList

CVE-2013-1978: Heap-based buffer overflow in the read_xwd_cols function in file-xwd↗2013-12-12

▶

OSV

CVE-2013-1978: Heap-based buffer overflow in the read_xwd_cols function in file-xwd↗2013-12-12

▶

📋Vendor Advisories

Ubuntu

GIMP vulnerability↗2013-12-09

▶

Red Hat

gimp: XWD plugin color map heap-based buffer overflow↗2013-12-03

▶

Debian

CVE-2013-1978: gimp - Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X ...↗2013

▶

💬Community

Bugzilla

CVE-2013-1913 CVE-2013-1978 gimp: various flaws [fedora-all]↗2013-12-03

▶

Bugzilla

CVE-2013-1978 gimp: XWD plugin color map heap-based buffer overflow↗2013-04-19

▶