LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

gimp: code execution

Package(s):gimp CVE #(s):CVE-2012-3402 CVE-2009-3909
Created:August 20, 2012 Updated:September 28, 2012
Description: From the Red Hat advisory:

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402)

Alerts:
Red Hat RHSA-2012:1181-01 2012-08-20
CentOS CESA-2012:1181 2012-08-20
Scientific Linux SL-gimp-20120820 2012-08-20
Oracle ELSA-2012-1181 2012-08-20
SUSE SUSE-SU-2012:1027-1 2012-08-23
Gentoo 201209-23 2012-09-28
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds