blob: 9cba5cae0684a02ca865136925e68a11c89a8620 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200707-09">
<title>GIMP: Multiple integer overflows</title>
Multiple vulnerabilities have been discovered in GIMP, allowing for the
remote execution of arbitrary code.
<product type="ebuild">gimp</product>
<announced>July 25, 2007</announced>
<revised>July 25, 2007: 01</revised>
<package name="media-gfx/gimp" auto="yes" arch="*">
<unaffected range="ge">2.2.16</unaffected>
<vulnerable range="lt">2.2.16</vulnerable>
GIMP is the GNU Image Manipulation Program.
Sean Larsson from iDefense Labs discovered multiple integer overflows
in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia
Research discovered an integer overflow in the
seek_to_and_unpack_pixeldata() function when processing PSD files
<impact type="normal">
A remote attacker could entice a user to open a specially crafted image
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running GIMP.
There is no known workaround at this time.
All GIMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/gimp-2.2.16&quot;</code>
<uri link="">CVE-2006-4519</uri>
<uri link="">CVE-2007-2949</uri>
<metadata tag="requester" timestamp="Wed, 11 Jul 2007 20:14:16 +0000">
<metadata tag="submitter" timestamp="Sun, 15 Jul 2007 18:21:17 +0000">
<metadata tag="bugReady" timestamp="Sun, 15 Jul 2007 18:21:44 +0000">