CVE-2012-2370: Buffer Overflow
First published: Mon Aug 13 2012(Updated: )
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME gdk-pixbuf | <=2.26.0 | |
| GNOME gdk-pixbuf | =2.23.3 | |
| GNOME gdk-pixbuf | =2.23.4 | |
| GNOME gdk-pixbuf | =2.23.5 | |
| GNOME gdk-pixbuf | =2.24.0 | |
| GNOME gdk-pixbuf | =2.24.1 | |
| GNOME gdk-pixbuf | =2.25.0 | |
| GNOME gdk-pixbuf | =2.25.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.gnome.org/browse/gdk-pixbuf/
- http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22
- http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516
- http://rhn.redhat.com/errata/RHSA-2013-0135.html
- http://secunia.com/advisories/49125
- http://secunia.com/advisories/49715
- http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml
- http://www.openwall.com/lists/oss-security/2012/05/15/8
- http://www.openwall.com/lists/oss-security/2012/05/15/9
- http://www.securityfocus.com/bid/53548
- https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75578
Frequently Asked Questions
What is the severity of CVE-2012-2370?
CVE-2012-2370 is classified as a denial of service vulnerability that can lead to application crashes.
How do I fix CVE-2012-2370?
To fix CVE-2012-2370, update gdk-pixbuf to version 2.26.1 or later.
What systems are affected by CVE-2012-2370?
CVE-2012-2370 affects gdk-pixbuf versions prior to 2.26.1, including 2.23.x and 2.24.x versions.
What types of attacks can exploit CVE-2012-2370?
CVE-2012-2370 can be exploited by remote attackers using crafted XBM files with negative dimensions.
Is CVE-2012-2370 a buffer overflow vulnerability?
Yes, CVE-2012-2370 involves a heap-based buffer overflow caused by integer overflows.
- collector/nvd-index
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/gnome
- canonical/gnome gdk-pixbuf
- version/gnome gdk-pixbuf/2.26.0
- version/gnome gdk-pixbuf/2.23.3
- version/gnome gdk-pixbuf/2.23.4
- version/gnome gdk-pixbuf/2.23.5
- version/gnome gdk-pixbuf/2.24.0
- version/gnome gdk-pixbuf/2.24.1
- version/gnome gdk-pixbuf/2.25.0
- version/gnome gdk-pixbuf/2.25.2