Mandriva Linux Security Advisory 2013-294 - Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a large blue color mask in an XWD file. Integer overflow in the load_image function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large color entries value in an X Window System image dump. Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an X Window System image dump with more colors than color map entries. The updated packages have been patched to correct these issues.
0c589706e06de2ee17c8adb14f2b13ecc5fc630ee2176e6b974e94db33c91251Red Hat Security Advisory 2013-1778-01 - The GIMP is an image composition and editing program. A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. The CVE-2013-1913 and CVE-2013-1978 issues were discovered by Murray McAllister of the Red Hat Security Response Team.
f90f3af27391971a54981a287302303009d3861c6452111b82d0990fdc3fb626Gentoo Linux Security Advisory 201311-5 - Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code. Versions less than 2.8.2-r1 are affected.
6027eff1e8bb15ee68e35cb814bc51fa21d963ae32867db42a12f347a935c593Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.
5eaae2aec299f35149b65e15fa71b0de901e1c8a4e1982ea1ee6034c3c19b62eUbuntu Security Notice 1659-1 - It was discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
0bef680340e4621767a09c5ee0c98bd23e8f0258f9c0c5bfda1860ce8e2d01db
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed