<?xml version="1.0" encoding="utf-8"?>
<glsa id="200705-08">
<title>GIMP: Buffer overflow</title>
GIMP is vulnerable to a buffer overflow which may lead to the execution of
arbitrary code.
<product type="ebuild">gimp</product>
<announced>May 07, 2007</announced>
<revised>May 07, 2007: 01</revised>
<package name="media-gfx/gimp" auto="yes" arch="*">
<unaffected range="ge">2.2.14</unaffected>
<vulnerable range="lt">2.2.14</vulnerable>
GIMP is the GNU Image Manipulation Program.
Marsu discovered that the "set_color_table()" function in the SUNRAS
plugin is vulnerable to a stack-based buffer overflow.
<impact type="normal">
An attacker could entice a user to open a specially crafted .RAS file,
possibly leading to the execution of arbitrary code with the privileges
of the user running GIMP.
There is no known workaround at this time.
All GIMP users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/gimp-2.2.14&quot;</code>
<uri link="">CVE-2007-2356</uri>
<metadata tag="submitter" timestamp="Sun, 06 May 2007 21:00:37 +0000">
<metadata tag="bugReady" timestamp="Sun, 06 May 2007 21:03:26 +0000">