CVE-2012-2370

Published: Aug 13, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.

Affected (8)

Products: Gnome: Gdk Pixbuf

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Gnome Gdk Pixbuf	Up to 2.26.0
Gnome Gdk Pixbuf	Version 2.23.3
Gnome Gdk Pixbuf	Version 2.23.4
Gnome Gdk Pixbuf	Version 2.23.5
Gnome Gdk Pixbuf	Version 2.24.0
Gnome Gdk Pixbuf	Version 2.24.1
Gnome Gdk Pixbuf	Version 2.25.0
Gnome Gdk Pixbuf	Version 2.25.2

Related CWEs

References (24)

http://git.gnome.org/browse/gdk-pixbuf/

Source: secalert@redhat.com

http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22

Source: secalert@redhat.com

ExploitPatch

http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2013-0135.html

Source: secalert@redhat.com

http://secunia.com/advisories/49125

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/49715

Source: secalert@redhat.com

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/15/8

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/15/9

Source: secalert@redhat.com

http://www.securityfocus.com/bid/53548

Source: secalert@redhat.com

https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150

Source: secalert@redhat.com

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/75578

Source: secalert@redhat.com

http://git.gnome.org/browse/gdk-pixbuf/

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2013-0135.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49125

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/49715

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/15/8

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/15/9

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/53548

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/75578

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.