1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
PublicDateAtUSN: 2012-08-25
Candidate: CVE-2012-3403
PublicDate: 2012-08-25
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3403
http://www.securitytracker.com/id?1027411
http://www.openwall.com/lists/oss-security/2012/08/20/7
http://secunia.com/advisories/50296
http://rhn.redhat.com/errata/RHSA-2012-1181.html
http://rhn.redhat.com/errata/RHSA-2012-1180.html
http://www.ubuntu.com/usn/usn-1559-1
Description:
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP
2.8.x and earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted KiSS palette file, which
triggers an "invalid free."
Ubuntu-Description:
Notes:
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685397
https://bugzilla.redhat.com/show_bug.cgi?id=839020
Priority: medium
Discovered-by: Murray McAllister
Assigned-to: mdeslaur
Patches_gimp:
vendor: https://rhn.redhat.com/errata/RHSA-2012-1180.html
vendor: https://rhn.redhat.com/errata/RHSA-2012-1181.html
upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=797db58b94c64f418c35d38b7a608d933c8cebef
upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=b772d1b84c9272bb46ab9a21db4390e6263c9892
upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=69b98191cf315bcf0f7b8878896c01600e67c124
upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=86f4cd39bd493c88a7a19b56d1827d8b911e07f6
upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=7666e5cf36b037e8da11f9535c73f4eeb24b49cd (backporting)
upstream_gimp: needed
hardy_gimp: ignored (reached end-of-life)
lucid_gimp: released (2.6.8-2ubuntu1.5)
natty_gimp: released (2.6.11-1ubuntu6.3)
oneiric_gimp: released (2.6.11-2ubuntu4.1)
precise_gimp: released (2.6.12-1ubuntu1.1)
devel_gimp: released (2.8.0-2ubuntu3)
|