all things security
Showing 1 - 6 of 6 RSS Feed

CVE-2012-3403

Status Candidate

Overview

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

Related Files

Gentoo Linux Security Advisory 201311-05
Posted Nov 11, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-5 - Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code. Versions less than 2.8.2-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3403, CVE-2012-3481, CVE-2012-5576
MD5 | fd922f85736a57790cfed7b88a1322dd
Mandriva Linux Security Advisory 2013-082
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-3481, CVE-2012-3403, CVE-2012-3236, CVE-2012-5576
MD5 | 5755c5a3c4104168f6f0032df71fa5fe
Ubuntu Security Notice USN-1559-1
Posted Sep 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1559-1 - Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3236, CVE-2012-3403, CVE-2012-3481, CVE-2012-3236, CVE-2012-3403, CVE-2012-3481
MD5 | 4e56aa790da5ec5a05ee1531c2cc0da6
Mandriva Linux Security Advisory 2012-142
Posted Aug 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-142 - A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially-crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable. Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP's GIF image file plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. The updated gimp packages have been upgraded to the 2.6.12 version and patched to correct these issues. Additionally for Mandriva Enterprise server 5 the gegl packages was upgraded to the 0.0.22 version and rebuilt for ffmpeg 0.5.9, the enscript packages was added because of a build dependency, the gutenprint and mtink packages was rebuilt against the gimp 2.6.12 libraries.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3403, CVE-2012-3481
MD5 | 592cdbc841d1a0da527a0acc134bee1a
Red Hat Security Advisory 2012-1180-01
Posted Aug 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-2896, CVE-2012-3403, CVE-2012-3481
MD5 | f945a0e1b2466086833090bc9728b047
Red Hat Security Advisory 2012-1181-01
Posted Aug 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-3909, CVE-2011-2896, CVE-2012-3402, CVE-2012-3403, CVE-2012-3481
MD5 | 8119619c1e305025723c2b28001aaa71
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    22 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close