Unrated severityNVD Advisory· Published Aug 13, 2012· Updated Apr 29, 2026
CVE-2012-2370
CVE-2012-2370
Description
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
Affected products
8cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*range: <=2.26.0
- cpe:2.3:a:gnome:gdk-pixbuf:2.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdk-pixbuf:2.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdk-pixbuf:2.23.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdk-pixbuf:2.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdk-pixbuf:2.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdk-pixbuf:2.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gdk-pixbuf:2.25.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- git.gnome.org/browse/gdk-pixbuf/commit/nvdPatch
- git.gnome.org/browse/gdk-pixbuf/commit/nvdExploitPatch
- bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150nvdExploit
- secunia.com/advisories/49125nvdVendor Advisory
- secunia.com/advisories/49715nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0135.htmlnvd
- www.gentoo.org/security/en/glsa/glsa-201206-20.xmlnvd
- www.openwall.com/lists/oss-security/2012/05/15/8nvd
- www.openwall.com/lists/oss-security/2012/05/15/9nvd
- www.securityfocus.com/bid/53548nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75578nvd
News mentions
0No linked articles in our index yet.