Vulnerabilities > CVE-2012-3402 - Integer Overflow or Wraparound vulnerability in Gimp

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.

Vulnerable Configurations

Part Description Count
Application
Gimp
124

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201209-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201209-23 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id62379
    published2012-09-29
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62379
    titleGLSA-201209-23 : GIMP: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GIMP-8251.NASL
    descriptionThis update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or even to potentially execute arbitrary code. (CVE-2012-3402)
    last seen2020-06-05
    modified2012-08-23
    plugin id61641
    published2012-08-23
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61641
    titleSuSE 10 Security Update : gimp (ZYPP Patch Number 8251)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1181.NASL
    descriptionFrom Red Hat Security Advisory 2012:1181 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id68601
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68601
    titleOracle Linux 5 : gimp (ELSA-2012-1181)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1181.NASL
    descriptionUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61604
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61604
    titleRHEL 5 : gimp (RHSA-2012:1181)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1181.NASL
    descriptionUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61600
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61600
    titleCentOS 5 : gimp (CESA-2012:1181)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120820_GIMP_ON_SL5_X.NASL
    descriptionThe GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-03-18
    modified2012-08-21
    plugin id61605
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61605
    titleScientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820)

Redhat

advisories
rhsa
idRHSA-2012:1181
rpms
  • gimp-2:2.2.13-2.0.7.el5_8.5
  • gimp-debuginfo-2:2.2.13-2.0.7.el5_8.5
  • gimp-devel-2:2.2.13-2.0.7.el5_8.5
  • gimp-libs-2:2.2.13-2.0.7.el5_8.5