oss-sec mailing list archives
Re: CVE Request: Gimp memory corruption vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 26 Nov 2012 22:52:26 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/21/2012 10:19 AM, Andrés Gómez Ramírez wrote:
Hello, could a CVE be assigned to this issue? Name: Gimp memory corruption vulnerability Software: GIMP 2.8.2 Software link: http://www.gimp.org/ <http://plib.sourceforge.net/> Vulnerability Type: Memory Corruption Description: GIMP 2.8.2 is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Upstream fix: http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
(fixed in master and gimp-2-8)
References: https://bugzilla.gnome.org/show_bug.cgi?id=687392 Thanks, Andres Gomez.
Apology for the delay, I had some mail filter issues that I have now fixed so I won't miss these in future. Also if there were any other CVE requests that were also CC'ed to full-disclosure or Bugtraq that I haven't dealt with please ping me and I'll get to them asap. Please use CVE-2012-5576for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQtFUaAAoJEBYNRVNeJnmTnsoP+weCng3Etwm0gQZE/XsfCkee 5bv8tZx2IoAqmXcwwjFtJBUUEyW4FOvvWqemDOTu2CbxJHH8BDcG7B/IeiBZuOBs rKuqqHx4rwEMyl/pFAmL7TtxVSEm4RjKe6RS/52IZOpFVK53XZfO7o/BtRnAsitV sVknVeq+WH+xxFFU6jrpvXqju0aWEo1Q4I4S/uGh9F1WtEhGMUvbBXgBKFQL23X5 abKPpAhF807E9mhLTFOoJ/sts6L1waw5+hXAvp8LCY9pVtM6pf+VD0Gj8xIW7wP4 wgGC2i8N4xgEohsmCzvznWDqfD5BNrFFIUguceTl/uF+PL0wKo0Nxyf+0RQOx8e1 EQ5+3j3Q0BHXwIEA2CArIV0g4LPBJ0sJNH+bSTR6Iiz0j2Gm1VbB9GJ7hSNF5cJ/ sXVtM9dUMdpBxKfjQeyvb4lXFLKZg8875NooGHFFinMSMjV97p6/rt6atEj76HVD tfLK9IBh/lm8V31L56YeegzKq0OkkdIC9pZGw+ATj66WyfTAQZxsdlGl58S9umVS PcFjON3sAn0O5RGAEDpyxbMMUHRbW3d/UkilA5lcqJ2XPDeILcvr5HYz5Pikkltg JDAbZuQV46ohmXZERjNF4hUY8VWeU4a6rk1wU11wJB4UD+sSpXjvBZoSj9EIdSjO MWz9hgNy/as5Qi6aOBEE =kBhU -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Gimp memory corruption vulnerability Andrés Gómez Ramírez (Nov 21)
- Re: CVE Request: Gimp memory corruption vulnerability Kurt Seifried (Nov 26)