gimp: arbitrary code execution

Package(s): gimp
CVE #(s): CVE-2007-2356
Created: May 1, 2007
Updated: June 11, 2007
Description: From this Secunia advisory: "Marsu has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "set_color_table()" function in plug-ins/common/sunras.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted .RAS file."
Alerts:
Debian DSA-1301-1 2007-06-09
Ubuntu USN-467-1 2007-05-31
Mandriva MDKSA-2007:108 2007-05-22
Red Hat RHSA-2007:0343-01 2007-05-21
SuSE SUSE-SR:2007:011 2007-05-16
Gentoo 200705-08 2007-05-07
rPath rPSA-2007-0090-1 2007-05-03
Foresight FLEA-2007-0015-1 2007-04-30

gimp: arbitrary code execution

Posted Jun 4, 2007 15:30 UTC (Mon) by TehNamless (guest, #45584)

Fedora released this update way back when:

FC6 - http://www.redhat.com/archives/fedora-package-announce/20...

FC5 - http://www.redhat.com/archives/fedora-package-announce/20...

gimp: arbitrary code execution

Posted Jun 8, 2007 23:08 UTC (Fri) by roelofs (guest, #2599)

Jake reports that the Fedora alerts are attached to this GIMP bug:

http://lwn.net/Vulnerabilities/233436/

They fixed multiple vulnerabilities, but they get attached to just one LWN item.

Greg

gimp: arbitrary code execution

Posted Jun 10, 2007 10:30 UTC (Sun) by kreutzm (guest, #4700)

This is now fixed in Debian as well (DSA 1301)
