CVE-2013-1913

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

Details Source

Mitre

Public Date

2013-12-03 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-1913 gimp: xwd plugin g_new() integer overflow

Bugzilla ID

947868

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Acknowledgements

This issue was discovered by Murray McAllister of the Red Hat Security Response Team.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (gimp) | RHSA-2013:1778 | 2013-12-03
Red Hat Enterprise Linux 5 (gimp) | RHSA-2013:1778 | 2013-12-03

CWE

CWE-190

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 7 | gimp | Not affected