Search for vulnerabilities
Vulnerability details: VCID-nngn-wxke-aaaj
Vulnerability ID VCID-nngn-wxke-aaaj
Aliases CVE-2012-5576
Summary Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-121 Stack-based Buffer Overflow
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2013:1778
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.06336 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.07697 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.24328 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.24328 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.24328 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.24328 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
epss 0.75866 https://api.first.org/data/v1/epss?cve=CVE-2012-5576
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=879302
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2012-5576
Reference id Reference type URL
http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
http://lists.opensuse.org/opensuse-updates/2012-12/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00014.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5576.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5576
https://bugzilla.gnome.org/show_bug.cgi?id=687392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576
http://secunia.com/advisories/50296
http://secunia.com/advisories/51479
http://secunia.com/advisories/51528
http://www.mandriva.com/security/advisories?name=MDVSA-2013:082
http://www.openwall.com/lists/oss-security/2012/11/27/1
http://www.securityfocus.com/bid/56647
http://www.ubuntu.com/usn/USN-1659-1
693977 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693977
879302 https://bugzilla.redhat.com/show_bug.cgi?id=879302
cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*
CVE-2012-5576 https://nvd.nist.gov/vuln/detail/CVE-2012-5576
GLSA-201311-05 https://security.gentoo.org/glsa/201311-05
RHSA-2013:1778 https://access.redhat.com/errata/RHSA-2013:1778
USN-1659-1 https://usn.ubuntu.com/1659-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-5576
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.90044
EPSS Score 0.06336
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.