exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

CVE-2010-4540

Status Candidate

Overview

Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.

Related Files

Gentoo Linux Security Advisory 201209-23
Posted Sep 28, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-23 - Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code or Denial of Service. Versions less than 2.6.12-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-1570, CVE-2009-3909, CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1178, CVE-2011-2896, CVE-2012-2763, CVE-2012-3402
MD5 | a8b821baaae77956824d436955c1f75e
Debian Security Advisory 2426-1
Posted Mar 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2426-1 - Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1782, CVE-2011-2896
MD5 | b46046f9b574b4f97091a038a731b84d
Red Hat Security Advisory 2011-0839-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0839-01 - The GIMP is an image composition and editing program. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543
MD5 | 26cec1870af4375837fe2b66d289ccd8
Red Hat Security Advisory 2011-0838-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0838-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.

tags | advisory, overflow, arbitrary
systems | linux, redhat, windows
advisories | CVE-2009-1570, CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1178
MD5 | 1c5cd1c1123638a409d933853ddf0f25
Mandriva Linux Security Advisory 2011-103
Posted May 29, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-103 - Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1782
MD5 | f7d354b8b9426d7315426021f4f4afae
Ubuntu Security Notice USN-1109-1
Posted Apr 13, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1109-1 - It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543
MD5 | ec672289fc85b7f9db73efa66f622f95
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    22 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close