CVE-2012-2370
gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
Múltiples desbordamientos de enteros en la función read_bitmap_file_data de io-xbm.c en gdk-pixbuf antes de v2.26.1 permite a atacantes remotos causar una denegación de servicio (por caída de la aplicación) a través de un valor negativo en la (1) altura o (2) anchura en un archivo XBM, lo que provoca un desbordamiento de búfer basado en memoria dinámica (heap).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-04-19 CVE Reserved
- 2012-08-13 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://git.gnome.org/browse/gdk-pixbuf | X_refsource_misc | |
| http://www.openwall.com/lists/oss-security/2012/05/15/8 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/05/15/9 | Mailing List |
|
| http://www.securityfocus.com/bid/53548 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75578 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22 | 2024-08-06 | |
| https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0135.html | 2023-02-13 | |
| http://secunia.com/advisories/49125 | 2023-02-13 | |
| http://secunia.com/advisories/49715 | 2023-02-13 | |
| http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2012-2370 | 2013-01-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=822468 | 2013-01-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | <= 2.26.0 Search vendor "Gnome" for product "Gdk-pixbuf" and version " <= 2.26.0" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.23.3 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.23.3" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.23.4 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.23.4" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.23.5 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.23.5" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.24.0 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.24.0" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.24.1 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.24.1" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.25.0 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.25.0" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Gdk-pixbuf Search vendor "Gnome" for product "Gdk-pixbuf" | 2.25.2 Search vendor "Gnome" for product "Gdk-pixbuf" and version "2.25.2" | - |
Affected
| ||||||