CVE-2012-3403

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-3403
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1180.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1181.html Third Party Advisory
http://secunia.com/advisories/50296 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:142 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 Broken Link
http://www.openwall.com/lists/oss-security/2012/08/20/7 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/55101 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1027411 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1559-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=839020 Issue Tracking Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1180.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1181.html Third Party Advisory
http://secunia.com/advisories/50296 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:142 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 Broken Link
http://www.openwall.com/lists/oss-security/2012/08/20/7 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/55101 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1027411 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1559-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=839020 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*
History

21 Nov 2024, 01:40

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-1180.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2012-1180.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-1181.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2012-1181.html - Third Party Advisory
References () http://secunia.com/advisories/50296 - Broken Link () http://secunia.com/advisories/50296 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:142 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2012:142 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 - Broken Link
References () http://www.openwall.com/lists/oss-security/2012/08/20/7 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2012/08/20/7 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/55101 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/55101 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1027411 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1027411 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-1559-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-1559-1 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=839020 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=839020 - Issue Tracking, Third Party Advisory

07 Feb 2022, 18:46

Type Values Removed Values Added
References (BID) http://www.securityfocus.com/bid/55101 - (BID) http://www.securityfocus.com/bid/55101 - Broken Link, Third Party Advisory, VDB Entry
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=839020 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=839020 - Issue Tracking, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html - Third Party Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2012:142 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2012:142 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2013:082 - Broken Link
References (SECTRACK) http://www.securitytracker.com/id?1027411 - (SECTRACK) http://www.securitytracker.com/id?1027411 - Broken Link, Third Party Advisory, VDB Entry
References (MLIST) http://www.openwall.com/lists/oss-security/2012/08/20/7 - (MLIST) http://www.openwall.com/lists/oss-security/2012/08/20/7 - Mailing List, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/50296 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/50296 - Broken Link
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1180.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1180.html - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1181.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1181.html - Third Party Advisory
References (UBUNTU) http://www.ubuntu.com/usn/USN-1559-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-1559-1 - Third Party Advisory
CWE CWE-119 CWE-787
CPE cpe:2.3:a:gimp:gimp:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.6.9:*:*:*:*:*:*:*
Information

Published : 2012-08-25 10:29

Updated : 2025-04-11 00:51

NVD link : CVE-2012-3403

Mitre link : CVE-2012-3403

CVE.ORG link : CVE-2012-3403

JSON object : View

Products Affected

gimp

  • gimp
CWE
CWE-787

Out-of-bounds Write