CVE-2013-1978

MEDIUM

Description

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

References

http://rhn.redhat.com/errata/RHSA-2013-1778.html

http://www.debian.org/security/2013/dsa-2813

http://www.securityfocus.com/bid/64098

http://www.ubuntu.com/usn/USN-2051-1

https://bugzilla.redhat.com/show_bug.cgi?id=953902

https://security.gentoo.org/glsa/201603-01

Details

Source: MITRE

Published: 2013-12-12

Updated: 2019-04-22

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89712 | GLSA-201603-01 : GIMP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 72422 | SuSE 11.3 Security Update : gimp (SAT Patch Number 8856) | Nessus | SuSE Local Security Checks | high |
| 71512 | Mandriva Linux Security Advisory : gimp (MDVSA-2013:293) | Nessus | Mandriva Local Security Checks | medium |
| 71476 | Fedora 19 : gimp-2.8.10-4.fc19 (2013-22776) | Nessus | Fedora Local Security Checks | medium |
| 71475 | Fedora 18 : gimp-2.8.10-4.fc18 (2013-22771) | Nessus | Fedora Local Security Checks | medium |
| 71419 | Fedora 20 : gimp-2.8.10-4.fc20 (2013-22701) | Nessus | Fedora Local Security Checks | medium |
| 71309 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : gimp vulnerability (USN-2051-1) | Nessus | Ubuntu Local Security Checks | medium |
| 71303 | Scientific Linux Security Update : gimp on SL5.x, SL6.x i386/x86_64 (20131203) | Nessus | Scientific Linux Local Security Checks | high |
| 71276 | Debian DSA-2813-1 : gimp - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 71189 | RHEL 5 / 6 : gimp (RHSA-2013:1778) | Nessus | Red Hat Local Security Checks | high |
| 71186 | Oracle Linux 5 / 6 : gimp (ELSA-2013-1778) | Nessus | Oracle Linux Local Security Checks | high |
| 71178 | CentOS 5 / 6 : gimp (CESA-2013:1778) | Nessus | CentOS Local Security Checks | high |