Vulnerabilities > CVE-2018-12601 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sam2p-project

debian

CWE-787

nessus

NVD

Published: 2018-06-20

Updated: 2020-08-24

Summary

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

Vulnerable Configurations

Part	Description	Count
Application	Sam2P_Project Sam2P Project Sam2P 0.49.4	1
OS	Debian Debian Debian Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1463.NASL
description	Various vulnerabilities leading to denial of service or possible unspecified other impacts were discovered in sam2p, an utility to convert raster images to EPS, PDF, and other formats. CVE-2018-12578 A heap-buffer-overflow in bmp_compress1_row. Thanks to Peter Szabo for providing a fix. CVE-2018-12601 A heap-buffer-overflow in function ReadImage, in file input-tga.ci. Thanks to Peter Szabo for providing a fix. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	111651
published	2018-08-13
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111651
title	Debian DLA-1463-1 : sam2p security update

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References