CVE-2012-3481
Published: 25 August 2012
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Notes
Author | Note |
---|---|
sbeattie | a claimed reproducer in the novell bugzilla |
Priority
Status
Package | Release | Status |
---|---|---|
gimp Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.6.8-2ubuntu1.5)
|
|
natty |
Released
(2.6.11-1ubuntu6.3)
|
|
oneiric |
Released
(2.6.11-2ubuntu4.1)
|
|
precise |
Released
(2.6.12-1ubuntu1.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-gif-load.c?id=d95c2f0bcb6775bdee2bef35b7d84f6dfd490783 upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-gif-load.c?id=43fc9dbd8e2196944c8a71321e525b89b7df9f5c |