Vulnerability Details : CVE-2012-3402
Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-3402
Probability of exploitation activity in the next 30 days: 1.71%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-3402
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-3402
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3402
-
https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff
Attachment 603059 Details for Bug 838941 – Patch to fix CVEs 2009-3909 and 2012-3402Issue Tracking;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2012-1181.html
RHSA-2012:1181 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://security.gentoo.org/glsa/glsa-201209-23.xml
GIMP: Multiple vulnerabilities (GLSA 201209-23) — Gentoo securityThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2012/08/20/6
oss-security - The Gimp PSD plug-in CVE-2012-3402 issueMailing List;Third Party Advisory
-
http://www.securitytracker.com/id?1027411
GNU Image Manipulation Program (GIMP) PSD/KiSS/GIF Heap Overflows Let Remote Users Execute Arbitrary Code - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
https://bugzilla.redhat.com/show_bug.cgi?id=838941
838941 – (CVE-2012-3402) CVE-2012-3402 gimp (PSD plug-in): Heap-buffer overflow by decoding certain PSD headersIssue Tracking;Third Party Advisory
Products affected by CVE-2012-3402
- cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*