CVE-2013-1978
Description
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.367
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Upgrade gimp 2.6.9 to latest version | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.7 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.8 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.1 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.6 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.0 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.2 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.3 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.4 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.5 | Windows |
| Multiple Vulnerabilities are affected in GIMP 2.6.9 | Windows |
| (RHSA-2013:1778) Moderate: gimp security update gimp-2.2.13-3.el5_10.i386.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-2.2.13-3.el5_10.x86_64.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-2.6.9-6.el6_5.i686.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-2.6.9-6.el6_5.x86_64.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-devel-2.2.13-3.el5_10.i386.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-devel-2.2.13-3.el5_10.x86_64.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-devel-2.6.9-6.el6_5.i686.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-devel-2.6.9-6.el6_5.x86_64.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-devel-tools-2.6.9-6.el6_5.i686.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-devel-tools-2.6.9-6.el6_5.x86_64.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-help-browser-2.6.9-6.el6_5.i686.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-help-browser-2.6.9-6.el6_5.x86_64.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-libs-2.2.13-3.el5_10.i386.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-libs-2.2.13-3.el5_10.x86_64.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-libs-2.6.9-6.el6_5.i686.rpm | Linux |
| (RHSA-2013:1778) Moderate: gimp security update gimp-libs-2.6.9-6.el6_5.x86_64.rpm | Linux |
| Gimp-help update (ELSA-2016-2589) gimp-help-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-ca update (ELSA-2016-2589) gimp-help-ca-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-da update (ELSA-2016-2589) gimp-help-da-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-de update (ELSA-2016-2589) gimp-help-de-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-el update (ELSA-2016-2589) gimp-help-el-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-en_GB update (ELSA-2016-2589) gimp-help-en_GB-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-es update (ELSA-2016-2589) gimp-help-es-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-fr update (ELSA-2016-2589) gimp-help-fr-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-it update (ELSA-2016-2589) gimp-help-it-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-ja update (ELSA-2016-2589) gimp-help-ja-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-ko update (ELSA-2016-2589) gimp-help-ko-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-nl update (ELSA-2016-2589) gimp-help-nl-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-nn update (ELSA-2016-2589) gimp-help-nn-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-pt_BR update (ELSA-2016-2589) gimp-help-pt_BR-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-ru update (ELSA-2016-2589) gimp-help-ru-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-sl update (ELSA-2016-2589) gimp-help-sl-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-sv update (ELSA-2016-2589) gimp-help-sv-2.8.2-1.el7.noarch.rpm | Linux |
| Gimp-help-zh_CN update (ELSA-2016-2589) gimp-help-zh_CN-2.8.2-1.el7.noarch.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234