Integer Overflow Vulnerability in GEGL's Image Processing
CVE-2012-4433

Currently unrated

Key Information:

Vendor: Gegl

Status
Vendor
CVE Published: 18 November 2012

What is CVE-2012-4433?

Multiple integer overflows in GEGL (Generic Graphics Library) version 0.2.0 can be triggered by a specially crafted Portable Pixel Map (PPM) image that declares an excessively large width or height. The overflowed size calculation leads to a heap-based buffer overflow, which allows a remote attacker to cause a denial of service (application crash) or possibly execute arbitrary code.
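The bug class described above, as an added example (not GEGL's code): a 32-bit `width * height * channels` product wraps to a small value, while a checked calculation rejects the header before any allocation. The function names, the `MAX_DIM` limit and the sample headers are assumptions made for illustration; header comments (`#`) are not handled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DIM 65535u /* hypothetical policy limit, not a GEGL constant */

/* A 32-bit size computation silently wraps modulo 2^32. */
static uint32_t unchecked_size32(uint32_t w, uint32_t h, uint32_t channels)
{
    return (uint32_t)(w * h * channels);
}

/* Checked size: returns 0 and stores the byte count, or -1 if a dimension is
 * zero, above the policy limit, or the product would overflow size_t
 * (still reachable on 32-bit targets even with MAX_DIM in place). */
static int checked_size(unsigned long w, unsigned long h, size_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || w > MAX_DIM || h > MAX_DIM)
        return -1;
    if ((size_t)w > SIZE_MAX / (size_t)h || (size_t)w * (size_t)h > SIZE_MAX / bpp)
        return -1;
    *out = (size_t)w * (size_t)h * bpp;
    return 0;
}

/* Parse a "P6 <width> <height> <maxval>" header and size the RGB raster. */
static int ppm_raster_size(const char *hdr, size_t *out)
{
    unsigned long w, h, maxval;
    char *end;
    if (strncmp(hdr, "P6", 2) != 0)
        return -1;
    errno = 0;
    w = strtoul(hdr + 2, &end, 10);
    h = strtoul(end, &end, 10);
    maxval = strtoul(end, &end, 10);
    if (errno != 0 || maxval == 0 || maxval > 65535)
        return -1;
    /* 3 samples per pixel; 2 bytes per sample when maxval needs 16 bits */
    return checked_size(w, h, 3u * (maxval < 256 ? 1u : 2u), out);
}

int main(void)
{
    size_t n = 0;
    int rc = ppm_raster_size("P6\n65536 65536\n255\n", &n); /* constructed header */
    printf("wrapped=%u checked_rc=%d\n", (unsigned)unchecked_size32(65536u, 65536u, 3u), rc);
    return 0;
}
```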

EPSS Score

12% chance of being exploited in the next 30 days.
