CVE-2012-2370 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-2370 PUBLISHED CVSS 5 MEDIUM

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.

EPSS 2.27% · 84.5th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

2.27%

84.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
gnome	gdk-pixbuf	0, 2.23.3, 2.23.4

Timeline

Aug 13, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 1, 2023 EPSS Score
May 19, 2023 EPSS Score

References

GLSA-201206-20 vendor-advisory
RHSA-2013:0135 vendor-advisory
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516 url
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150 url
49125 third-party-advisory
gdkpixbuf-readbitmapfiledata-bo(75578) vdb
[oss-security] 20120515 Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader mailing-list
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22 url
49715 third-party-advisory
53548 vdb
[oss-security] 20120515 CVE Request: gdk-pixbuf Integer overflow in XBM file loader mailing-list
http://git.gnome.org/browse/gdk-pixbuf/ url
https://nvd.nist.gov/vuln/detail/CVE-2012-2370 advisory
https://access.redhat.com/errata/RHSA-2013:0135 url
https://access.redhat.com/security/cve/CVE-2012-2370 url
https://bugzilla.redhat.com/show_bug.cgi?id=822468 url
http://git.gnome.org/browse/gdk-pixbuf url

Open in Interactive Console →