CVE-2012-3403

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

Details Source

Mitre

Public Date

2012-08-20 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow when loading external palette files

Bugzilla ID

839020

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform                             Errata          Release Date
Red Hat Enterprise Linux 5 (gimp)    RHSA-2012:1181  2012-08-20
Red Hat Enterprise Linux 6 (gimp)    RHSA-2012:1180  2012-08-20

CWE

CWE-122