gimp: code execution

Package(s): gimp
CVE #(s): CVE-2012-3403 CVE-2012-3481
Created: August 20, 2012
Updated: September 4, 2012
Description: From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)

Alerts:
Red Hat RHSA-2012:1180-01 2012-08-20
Red Hat RHSA-2012:1181-01 2012-08-20
CentOS CESA-2012:1181 2012-08-20
Scientific Linux SL-gimp-20120820 2012-08-20
Scientific Linux SL-gimp-20120820 2012-08-20
CentOS CESA-2012:1180 2012-08-20
Mandriva MDVSA-2012:142 2012-08-21
Oracle ELSA-2012-1180 2012-08-20
Oracle ELSA-2012-1181 2012-08-20
Mageia MGASA-2012-0236 2012-08-23
SUSE SUSE-SU-2012:1027-1 2012-08-23
SUSE SUSE-SU-2012:1029-1 2012-08-23
SUSE SUSE-SU-2012:1038-1 2012-08-24
Fedora FEDORA-2012-12383 2012-08-28
Fedora FEDORA-2012-12364 2012-09-02
openSUSE openSUSE-SU-2012:1080-1 2012-09-03
openSUSE openSUSE-SU-2012:1131-1 2012-09-07
Ubuntu USN-1559-1 2012-09-10
Mandriva MDVSA-2013:082 2013-04-09

Copyright © 2013, Eklektix, Inc.