Gentoo Linux Security Advisory 201311-5 - Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code. Versions less than 2.8.2-r1 are affected.
6027eff1e8bb15ee68e35cb814bc51fa21d963ae32867db42a12f347a935c593Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.
5eaae2aec299f35149b65e15fa71b0de901e1c8a4e1982ea1ee6034c3c19b62eUbuntu Security Notice 1559-1 - Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. Various other issues were also addressed.
424758cfe93d12a6c3cbc07557e8d64b2fd4af1f52d8a7be6d7a538b7429cd20Mandriva Linux Security Advisory 2012-142 - A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially-crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable. Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP's GIF image file plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. The updated gimp packages have been upgraded to the 2.6.12 version and patched to correct these issues. Additionally for Mandriva Enterprise server 5 the gegl packages was upgraded to the 0.0.22 version and rebuilt for ffmpeg 0.5.9, the enscript packages was added because of a build dependency, the gutenprint and mtink packages was rebuilt against the gimp 2.6.12 libraries.
aec214e418fa063224a016dcb76fa86d1ca6e8c1157010ee36b64648e14af80dRed Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
5fe242f87bec9fe61d0273ef28381208c2155f5a6a03b6ffdb51a02ab7105d57Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
d07a668d4092b975d010a7e8cabb42339fa978256fe5994567236ee4a082550a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed