
gimp: heap corruption

Package(s): gimp
CVE #(s): CVE-2011-2896
Created: August 22, 2011
Updated: September 28, 2012
Description: From the Red Hat bugzilla:

GIF image file format readers in various open source projects are based on the GIF decoder implementation written by David Koblas. This implementation contains a bug in the LZW decompressor, causing it to incorrectly handle compressed streams that contain code words that were not yet added to the decompression table. LZW decompression has a special case (a KwKwK string) when a code word may match the first free entry in the decompression table. The implementation used in this GIF reading code allows code words not only matching, but also exceeding the first free entry.
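
Added example (not code from the advisory, the Red Hat bug report, or any affected project): a small C decoder for already-unpacked GIF LZW code words that enforces the bound described above, accepting a code word equal to the first free table entry (the KwKwK case) and rejecting anything beyond it. The function name, the sample streams and the simplification of taking unpacked code words as input are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_CODES 4096   /* GIF limits LZW codes to 12 bits */
/* Constructed sample code streams for min_bits = 2 (clear = 4, end = 5). */
const uint16_t good_stream[] = { 4, 1, 6, 6, 5 };  /* 6 is a valid KwKwK code */
const uint16_t bad_stream[]  = { 4, 1, 7, 5 };     /* 7 exceeds first free (6) */
uint8_t sample_out[16];

/* Decode unpacked code words. Returns bytes written, or -1 if malformed. */
int lzw_decode(const uint16_t *codes, size_t ncodes, int min_bits,
               uint8_t *out, size_t outcap)
{
    uint16_t prefix[MAX_CODES];
    uint8_t suffix[MAX_CODES], stack[MAX_CODES], first = 0;
    size_t n = 0;
    if (min_bits < 2 || min_bits > 8)
        return -1;
    const int clear = 1 << min_bits, end = clear + 1;
    int next_free = clear + 2, prev = -1;
    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i], cur = code, sp = 0;
        if (code == clear) { next_free = clear + 2; prev = -1; continue; }
        if (code == end) break;
        /* Entries at or above next_free have not been written yet. Only
         * code == next_free is legal (KwKwK), and only after a previous string. */
        if (code >= MAX_CODES || code > next_free || (code == next_free && prev < 0))
            return -1;
        if (code == next_free) {       /* KwKwK: previous string + its first byte */
            stack[sp++] = first;
            cur = prev;
        }
        while (cur >= clear) {         /* walk the prefix chain, bytes come out reversed */
            stack[sp++] = suffix[cur];
            cur = prefix[cur];
        }
        stack[sp++] = first = (uint8_t)cur;
        if (n + (size_t)sp > outcap)
            return -1;
        while (sp > 0)
            out[n++] = stack[--sp];
        if (prev >= 0 && next_free < MAX_CODES) {  /* define the next table entry */
            prefix[next_free] = (uint16_t)prev;
            suffix[next_free] = first;
            next_free++;
        }
        prev = code;
    }
    return (int)n;
}
```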

Alerts:
Scientific Linux SL-cups-20111206 2011-12-06
Red Hat RHSA-2011:1635-03 2011-12-06
Debian DSA-2354-1 2011-11-28
Mandriva MDVSA-2011:167 2011-11-04
openSUSE openSUSE-SU-2011:1152-1 2011-10-18
Mandriva MDVSA-2011:146 2011-10-11
Ubuntu USN-1214-1 2011-09-22
Ubuntu USN-1207-1 2011-09-14
Fedora FEDORA-2011-11221 2011-08-19
Fedora FEDORA-2011-11318 2011-08-23
Fedora FEDORA-2011-11305 2011-08-23
Fedora FEDORA-2011-11197 2011-08-19
Fedora FEDORA-2011-10782 2011-08-13
Fedora FEDORA-2011-10788 2011-08-13
Red Hat RHSA-2012:0302-03 2012-02-21
Debian DSA-2426-1 2012-03-06
Oracle ELSA-2012-0302 2012-03-07
Scientific Linux SL-cups-20120321 2012-03-21
Red Hat RHSA-2012:1180-01 2012-08-20
Red Hat RHSA-2012:1181-01 2012-08-20
CentOS CESA-2012:1181 2012-08-20
Scientific Linux SL-gimp-20120820 2012-08-20
Scientific Linux SL-gimp-20120820 2012-08-20
CentOS CESA-2012:1180 2012-08-20
Oracle ELSA-2012-1180 2012-08-20
Oracle ELSA-2012-1181 2012-08-20
Gentoo 201209-23 2012-09-28


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds