CentOS Update For Gegl CESA-2012:1455 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

GEGL (Generic Graphics Library) is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially-crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code. (CVE-2012-4433) This issue was discovered by Murray McAllister of the Red Hat Security Response Team. Users of gegl should upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

gegl on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2012-November/018991.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4433

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)
CentOS Security Advisory CESA-2009:0018 (xterm)
CentOS Security Advisory CESA-2009:1185 (seamonkey)
CentOS Security Advisory CESA-2009:0431 (kdegraphics)
CentOS Security Advisory CESA-2009:0345 (ghostscript)

CentOS Update for gegl CESA-2012:1455 centos6

Take action and discover your vulnerabilities