Information Security


Multiple security vulnerabilities in GIMP
Published: September 19, 2012
Source:
SecurityVulns ID: 12593
Type: local
Severity level: 4/10
Description: Memory corruption when parsing FIT, GIF, KiSS.
CVE: CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free.")
 CVE-2012-3236 (fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.)
Original text: UBUNTU, [USN-1559-1] GIMP vulnerabilities (19.09.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod