NVD Vulnerability Detail

CVE-2012-2370

Summary	Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
Publication Date	Aug. 14, 2012, 5:55 a.m.
Registration Date	Jan. 28, 2021, 2:58 p.m.
Last Update	Nov. 21, 2024, 10:38 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://git.gnome.org/browse/gdk-pixbuf/
2	http://git.gnome.org/browse/gdk-pixbuf/
3	http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22	Exploit Patch
4	http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22	Exploit Patch
5	http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516	Patch
6	http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516	Patch
7	http://rhn.redhat.com/errata/RHSA-2013-0135.html
8	http://rhn.redhat.com/errata/RHSA-2013-0135.html
9	http://secunia.com/advisories/49125	Vendor Advisory
10	http://secunia.com/advisories/49125	Vendor Advisory
11	http://secunia.com/advisories/49715	Vendor Advisory
12	http://secunia.com/advisories/49715	Vendor Advisory
13	http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml
14	http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml
15	http://www.openwall.com/lists/oss-security/2012/05/15/8
16	http://www.openwall.com/lists/oss-security/2012/05/15/8
17	http://www.openwall.com/lists/oss-security/2012/05/15/9
18	http://www.openwall.com/lists/oss-security/2012/05/15/9
19	http://www.securityfocus.com/bid/53548
20	http://www.securityfocus.com/bid/53548
21	https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150	Exploit
22	https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150	Exploit
23	https://exchange.xforce.ibmcloud.com/vulnerabilities/75578
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/75578

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

JVN Vulnerability Information

gdk-pixbuf の io-xbm.c における整数オーバーフローの脆弱性

Title	gdk-pixbuf の io-xbm.c における整数オーバーフローの脆弱性
Summary	gdk-pixbuf の io-xbm.c 内の read_bitmap_file_data 関数には、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、ヒープベースのバッファオーバーフローを誘発する XBM ファイル内の負の (1) height または (2) width を介して、サービス運用妨害 (アプリケーションクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 14, 2012, midnight
Registration Date	Aug. 15, 2012, 2:25 p.m.
Last Update	Jan. 22, 2013, 5:15 p.m.

Affected System

GNOME Project

gdk-pixbuf 2.26.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-2370	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370
National Vulnerability Database (NVD)
2	CVE-2012-2370	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2370
SECURITY BLOG
3	CVE-2012-2370 Denial of Service (DoS) vulnerability in GTK+	http://blogs.oracle.com/sunsecurity/entry/cve_2012_2370_denial_of

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Gentoo Linux Security Advisory
1	GLSA 201206-20 / gdk-pixbuf	http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml
GNOME GIT source code repository
2	gdk-pixbuf - commit - 2.26.1	http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516
3	gdk-pixbuf - commit - Avoid an integer overflow in the xbm loader	http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22
4	gdk-pixbuf - summary	http://git.gnome.org/browse/gdk-pixbuf/
Launchpad
5	Bug #681150	https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150
Red Hat Security Advisory
6	RHSA-2013:0135	http://rhn.redhat.com/errata/RHSA-2013-0135.html

Change Log

No	Changed Details	Date of change
0	[2012年08月15日] 掲載 [2012年09月06日] ベンダ情報：オラクル (CVE-2012-2370 Denial of Service (DoS) vulnerability in GTK+) を追加 [2013年01月22日] ベンダ情報：レッドハット (RHSA-2013:0135) を追加	Feb. 17, 2018, 10:37 a.m.