CVE-2013-1913

Published: Dec 12, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

Affected (3)

Products: Gimp: Gimp · Redhat: Enterprise Linux

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gimp Gimp	Up to 2.6.9

Running on/with	Platform Versions
Gnome Glib	Up to 2.24.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (12)

http://rhn.redhat.com/errata/RHSA-2013-1778.html

Source: secalert@redhat.com

Third Party AdvisoryVendor Advisory

http://www.debian.org/security/2013/dsa-2813

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/64105

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2051-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=947868

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201603-01

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1778.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVendor Advisory

http://www.debian.org/security/2013/dsa-2813

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/64105

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2051-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=947868

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201603-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.