gimp: heap corruption

Package(s):

gimp

CVE #(s):

CVE-2011-2896

Created:

August 22, 2011

Updated:

September 28, 2012

Description:

From the Red Hat bugzilla:

GIF image file format readers in various open source projects are based on the GIF decoder implementation written by David Koblas. This implementation contains a bug in the LZW decompressor, causing it to incorrectly handle compressed streams that contain code words that were not yet added to the decompression table. LZW decompression has a special case (a KwKwK string) when code word may match the first free entry in the decompression table. The implementation used in this GIF reading code allows code words not only matching, but also exceeding the first free entry.

Alerts:

Gentoo	201209-23	gimp	2012-09-28
Oracle	ELSA-2012-1181	gimp	2012-08-20
Oracle	ELSA-2012-1180	gimp	2012-08-20
CentOS	CESA-2012:1180	gimp	2012-08-20
Scientific Linux	SL-gimp-20120820	gimp	2012-08-20
Scientific Linux	SL-gimp-20120820	gimp	2012-08-20
CentOS	CESA-2012:1181	gimp	2012-08-20
Red Hat	RHSA-2012:1181-01	gimp	2012-08-20
Red Hat	RHSA-2012:1180-01	gimp	2012-08-20
Scientific Linux	SL-cups-20120321	cups	2012-03-21
Oracle	ELSA-2012-0302	cups	2012-03-07
Debian	DSA-2426-1	gimp	2012-03-06
Red Hat	RHSA-2012:0302-03	cups	2012-02-21
Scientific Linux	SL-cups-20111206	cups	2011-12-06
Red Hat	RHSA-2011:1635-03	cups	2011-12-06
Debian	DSA-2354-1	cups	2011-11-28
Mandriva	MDVSA-2011:167	gimp	2011-11-04
openSUSE	openSUSE-SU-2011:1152-1	gimp	2011-10-18
Mandriva	MDVSA-2011:146	cups	2011-10-11
Ubuntu	USN-1214-1	gimp	2011-09-22
Ubuntu	USN-1207-1	cups, cupsys	2011-09-14
Fedora	FEDORA-2011-11221	cups	2011-08-19
Fedora	FEDORA-2011-11318	pl	2011-08-23
Fedora	FEDORA-2011-11305	pl	2011-08-23
Fedora	FEDORA-2011-11197	cups	2011-08-19
Fedora	FEDORA-2011-10782	gimp	2011-08-13
Fedora	FEDORA-2011-10788	gimp	2011-08-13