// For flags

CVE-2013-1978

gimp: XWD plugin color map heap-based buffer overflow

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Desbordamiento de búfer en la función read_xwd_cols en file-xwd.c en el plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un volcado de imagen X Window System (XWD) con más colores que las entradas del mapa de color.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-02-19 CVE Reserved
  • 2013-12-04 CVE Published
  • 2024-01-29 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gimp
Search vendor "Gimp"
Gimp
Search vendor "Gimp" for product "Gimp"
<= 2.6.9
Search vendor "Gimp" for product "Gimp" and version " <= 2.6.9"
-
Affected
in Gnome
Search vendor "Gnome"
Glib
Search vendor "Gnome" for product "Glib"
<= 2.24.0
Search vendor "Gnome" for product "Glib" and version " <= 2.24.0"
-
Safe
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
5.0
Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Affected