Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 20 Aug 2012 08:29:49 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: oss-security@...ts.openwall.com, Nils Philippsen <nils@...hat.com>
Subject: The Gimp CEL plug-in CVE-2012-3403 issue

Hello vendors,

  see below a report about the GIMP's CEL plug-in CVE-2012-3403 issue:
----------------------------------------------------------------------
Summary: Gimp (CEL plug-in): heap buffer overflow when loading external palette files

CVE: CVE-2012-3403

Description:
A heap-based buffer overflow flaw, leading to invalid free, was found in the
way KiSS CEL file format plug-in of Gimp, the GNU Image Manipulation Program,
performed loading of certain palette files. A remote attacker could provide
a specially-crafted KiSS palette file that, when opened in Gimp would cause
the CEL plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the gimp executable.

CVSSv2: 6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected versions: All up to the latest upstream one

Patch:
------
See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3403
    https://bugzilla.redhat.com/show_bug.cgi?id=839020#c19

for patchset covering upstream v2.2.x, v2.6.x, v2.8.x, and current
master branch versions.

Credit:
1, Issue found by: Murray McAllister,  Red Hat Security Response Team
2, Reproducer by:  Murray McAllister,  Red Hat Security Response Team 

----------------------------------------------------------------------

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ