New gegl packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix security issues.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code. (CVE-2012-4433)

Updated gegl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

GEGL (Generic Graphics Library) is a graph-based image processing framework.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code. (CVE-2012-4433)

This issue was discovered by Murray McAllister of the Red Hat Security Response Team.

Users of gegl should upgrade to these updated packages, which contain a backported patch to correct this issue.

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1455 advisory.

    [0.1.2-4]
    - avoid buffer overflow in ppm loader (CVE-2012-4433)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Solaris system is missing necessary patches to address security updates :

  - Multiple integer overflows in     operations/external/ppm-load.c in GEGL (Generic Graphics     Library) 0.2.0 allow remote attackers to cause a denial     of service (application crash) or possibly execute     arbitrary code via a large (1) width or (2) height value     in a Portable Pixel Map (ppm) image, which triggers a     heap-based buffer overflow. (CVE-2012-4433)

This update for gegl fixes the following issues :

Security issue fixed :

  - Fix CVE-2012-4433: Fix buffer overflow in and add     plausibility checks to ppm-load op (bsc#789835).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update contains the following changes :

  - Fix buffer overflow in and add plausibility checks to     the ppm-load operation.

    - Fix multi-lib issue where content of generated       documentation could differ between architectures.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201310-05 (GEGL: User-assisted execution of arbitrary code)

    Multiple integer overflows in GEGL may cause a heap-based buffer       overflow.
  Impact :

    A remote attacker could entice a user to open a specially crafted PPM       image using an application linked against GEGL, possibly resulting in       execution of arbitrary code with the privileges of the process or a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

ID	名称	产品	系列	发布时间	最近更新时间	严重程度
103516	Slackware 14.0 / 14.1 / 14.2 / current : gegl (SSA:2017-270-01)	Nessus	Slackware Local Security Checks	2017/9/28	2025/11/19	high
62898	Scientific Linux Security Update : gegl on SL6.x i386/x86_64 (20121112)	Nessus	Scientific Linux Local Security Checks	2012/11/13	2021/1/14	high
62910	CentOS 6 : gegl (CESA-2012:1455)	Nessus	CentOS Local Security Checks	2012/11/14	2021/1/4	high
68655	Oracle Linux 6 : gegl (ELSA-2012-1455)	Nessus	Oracle Linux Local Security Checks	2013/7/12	2024/10/22	critical
80617	Oracle Solaris Third-Party Patch Update : gegl (multiple_integer_overflow_vulnerabilities_in)	Nessus	Solaris Local Security Checks	2015/1/19	2021/1/14	high
99020	openSUSE Security Update : gegl (openSUSE-2017-388)	Nessus	SuSE Local Security Checks	2017/3/28	2025/12/29	high
67337	Fedora 18 : gegl-0.2.0-11.fc18 (2013-12108)	Nessus	Fedora Local Security Checks	2013/7/12	2021/1/11	high
70311	GLSA-201310-05 : GEGL: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	2013/10/7	2021/1/6	high

检测

插件搜索

high

high

high

critical

high

high

high

high