CVE-2012-5576 - OpenCVE

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gimp	Gimp

Configuration 1 [-]

cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html	Third Party Advisory
http://secunia.com/advisories/50296	Broken Link
http://secunia.com/advisories/51479	Broken Link
http://secunia.com/advisories/51528	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082	Broken Link
http://www.openwall.com/lists/oss-security/2012/11/27/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/56647	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1659-1	Patch Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=687392	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-18T01:00:00

Updated: 2013-12-02T13:57:00

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5576

JSON object: View

NVD Information

Status : Modified

Published: 2012-12-18T01:55:06.913

Modified: 2023-02-13T04:37:36.573

Link: CVE-2012-5576

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-02T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "51479", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51479"}, {"name": "51528", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51528"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1"}, {"name": "[oss-security] 20121126 Re: CVE Request: Gimp memory corruption vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/11/27/1"}, {"name": "MDVSA-2013:082", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082"}, {"name": "USN-1659-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1659-1"}, {"name": "56647", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56647"}, {"name": "openSUSE-SU-2013:0123", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html"}, {"name": "openSUSE-SU-2012:1623", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html"}, {"name": "50296", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50296"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=687392"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5576", "datePublished": "2012-12-18T01:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2013-12-02T13:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "matchCriteriaId": "B960BBC9-CDCB-4717-9998-0B3D434B5F54", "versionEndExcluding": "2.8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de bufer basados en pila en file-xwd.c en el complemento X Window Dump (XWD) en GIMP v2.8.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una gran m\u00e1scara de color (1) rojo, (2) verde, o (3) azul en un archivo XWD."}], "id": "CVE-2012-5576", "lastModified": "2023-02-13T04:37:36.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-18T01:55:06.913", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/50296"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/51479"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/51528"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/11/27/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/56647"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1659-1"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=687392"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}