Fluid Attacks Database

Description

Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gegl	>=0 <0.2.0-2+nmu1	0.2.0-2+nmu1
debian 13	gegl	>=0 <0.2.0-2+nmu1	0.2.0-2+nmu1
debian 14	gegl	>=0 <0.2.0-2+nmu1	0.2.0-2+nmu1
rpm rhel6	gegl	<0:0.1.2-4.el6_3	0:0.1.2-4.el6_3
debian 12	gegl	>=0 <0.2.0-2+nmu1	0.2.0-2+nmu1

Aliases

1. CVE-2012-44332. NVD-2012-44333. OSV-DEBIAN-2012-44334. OSV-2012-44335. SECURITY-TRACKER-CVE-2012-4433

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.