CVE-2012-5576

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
gimpgimp
𝑥
< 2.8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gimp
bullseye
2.10.22-4+deb11u2
fixed
bullseye (security)
2.10.22-4+deb11u1
fixed
bookworm
2.10.34-1+deb12u2
fixed
bookworm (security)
2.10.34-1+deb12u1
fixed
sid
2.10.38-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gimp
quantal
Fixed 2.8.2-1ubuntu1.1
released
precise
Fixed 2.6.12-1ubuntu1.2
released
oneiric
Fixed 2.6.11-2ubuntu4.2
released
lucid
Fixed 2.6.8-2ubuntu1.6
released
hardy
ignored
Common Weakness Enumeration
References
http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html
http://secunia.com/advisories/50296
http://secunia.com/advisories/51479
http://secunia.com/advisories/51528
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082
http://www.openwall.com/lists/oss-security/2012/11/27/1
http://www.securityfocus.com/bid/56647
http://www.ubuntu.com/usn/USN-1659-1
https://bugzilla.gnome.org/show_bug.cgi?id=687392
http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html
http://secunia.com/advisories/50296
http://secunia.com/advisories/51479
http://secunia.com/advisories/51528
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082
http://www.openwall.com/lists/oss-security/2012/11/27/1
http://www.securityfocus.com/bid/56647
http://www.ubuntu.com/usn/USN-1659-1
https://bugzilla.gnome.org/show_bug.cgi?id=687392