Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2013:081 First vendor Publication 2013-04-09
Vendor Mandriva Last vendor Modification 2013-04-09
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated gegl packages fix security vulnerability:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially-crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code (CVE-2012-4433).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:081

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21632
 
Oval ID: oval:org.mitre.oval:def:21632
Title: RHSA-2012:1455: gegl security update (Moderate)
Description: Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Family: unix Class: patch
Reference(s): RHSA-2012:1455-01
CESA-2012:1455
CVE-2012-4433
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): gegl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23367
 
Oval ID: oval:org.mitre.oval:def:23367
Title: ELSA-2012:1455: gegl security update (Moderate)
Description: Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Family: unix Class: patch
Reference(s): ELSA-2012:1455-01
CVE-2012-4433
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): gegl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27636
 
Oval ID: oval:org.mitre.oval:def:27636
Title: DEPRECATED: ELSA-2012-1455 -- gegl security update (moderate)
Description: [0.1.2-4] - avoid buffer overflow in ppm loader (CVE-2012-4433)
Family: unix Class: patch
Reference(s): ELSA-2012-1455
CVE-2012-4433
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): gegl
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2012-11-15 Name : CentOS Update for gegl CESA-2012:1455 centos6
File : nvt/gb_CESA-2012_1455_gegl_centos6.nasl
2012-11-15 Name : RedHat Update for gegl RHSA-2012:1455-01
File : nvt/gb_RHSA-2012_1455-01_gegl.nasl

Nessus® Vulnerability Scanner

Date Description
2017-09-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-270-01.nasl - Type : ACT_GATHER_INFO
2017-03-28 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-388.nasl - Type : ACT_GATHER_INFO
2017-03-16 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0694-1.nasl - Type : ACT_GATHER_INFO
2017-03-16 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0696-1.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_gegl_20130716.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-841.nasl - Type : ACT_GATHER_INFO
2013-10-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-05.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12075.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12108.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12115.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1455.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-081.nasl - Type : ACT_GATHER_INFO
2012-11-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1455.nasl - Type : ACT_GATHER_INFO
2012-11-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1455.nasl - Type : ACT_GATHER_INFO
2012-11-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121112_gegl_on_SL6_x.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:43:32
  • Multiple Updates
2013-04-09 13:18:30
  • First insertion