CVE-2012-3481

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-3481 at MITRE

Description

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 724628, 763595, 776572

SUSE Security Advisories:

List of released packages

Product(s):
  • SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
  • SLE SDK 10 SP4 for IBM zSeries
  • SLE SDK 10 SP4 for IPF
  • SLE SDK 10 SP4 for X86-64
  • SLE SDK 10 SP4 for x86
  • SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
  • SUSE Linux Enterprise Desktop 10 SP4 for x86
Fixed package version(s):
  • gimp >= 2.2.10-22.46.1
  • gimp-devel >= 2.2.10-22.46.1
References:
  • sle10-sp4-sdk.x86
  • sle10-sp4-sdk.x86-64
  • sled10-sp4.x86-64
  • sle10-sp4-sdk.ppc
  • sle10-sp4-sdk.ia64
  • sle10-sp4-sdk.s390x
  • sled10-sp4.x86
  • ZYPP Patch Nr: 8253

Product(s):
  • SUSE Linux Enterprise Software Development Kit 11 SP1
  • SUSE Linux Enterprise Software Development Kit 11 SP2
Fixed package version(s):
  • gimp >= 2.6.2-3.34.39.1
  • gimp-devel >= 2.6.2-3.34.39.1
  • gimp-lang >= 2.6.2-3.34.39.1
  • gimp-plugins-python >= 2.6.2-3.34.39.1
References:
  • sle11-sp2-sdk.x86-64
  • sled11-sp2.x86
  • sled11-sp1.x86-64
  • sle11-sp1-sdk.x86
  • sle11-sp2-sdk.s390x
  • sled11-sp2.x86-64
  • sle11-sp1-sdk.s390x
  • sle11-sp2-sdk.ppc
  • sle11-sp1-sdk.ia64
  • sled11-sp1.x86
  • sle11-sp2-sdk.x86
  • sle11-sp1-sdk.x86-64
  • sle11-sp1-sdk.ppc
  • sle11-sp2-sdk.ia64
  • SAT Patch Nr: 6712

Product(s):
  • SUSE Linux Enterprise Desktop 11 SP1
  • SUSE Linux Enterprise Desktop 11 SP2
Fixed package version(s):
  • gimp >= 2.6.2-3.34.39.1
  • gimp-lang >= 2.6.2-3.34.39.1
  • gimp-plugins-python >= 2.6.2-3.34.39.1
References:
  • sle11-sp2-sdk.x86-64
  • sled11-sp2.x86
  • sled11-sp1.x86-64
  • sle11-sp1-sdk.x86
  • sle11-sp2-sdk.s390x
  • sled11-sp2.x86-64
  • sle11-sp1-sdk.s390x
  • sle11-sp2-sdk.ppc
  • sle11-sp1-sdk.ia64
  • sled11-sp1.x86
  • sle11-sp2-sdk.x86
  • sle11-sp1-sdk.x86-64
  • sle11-sp1-sdk.ppc
  • sle11-sp2-sdk.ia64
  • SAT Patch Nr: 6712

© 2014 Novell