oss-sec mailing list archives

Re: CVE Request: Gimp memory corruption vulnerability


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 26 Nov 2012 22:52:26 -0700

On 11/21/2012 10:19 AM, Andrés Gómez Ramírez wrote:
Hello, could a CVE be assigned to this issue?

Name: Gimp memory corruption vulnerability
Software: GIMP 2.8.2
Software link: http://www.gimp.org/ <http://plib.sourceforge.net/> 
Vulnerability Type: Memory Corruption

Description:

GIMP 2.8.2 is vulnerable to memory corruption when reading XWD
files, which could lead even to arbitrary code execution.

Upstream fix: 
http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1


(fixed in master and gimp-2-8)

References: https://bugzilla.gnome.org/show_bug.cgi?id=687392

Thanks,

Andres Gomez.

Apology for the delay, I had some mail filter issues that I have now
fixed so I won't miss these in future.

Also if there were any other CVE requests that were also CC'ed to
full-disclosure or Bugtraq that I haven't dealt with please ping me
and I'll get to them asap.

Please use CVE-2012-5576 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



Current thread: