Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Gentoo: GLSA-202104-02 Normal: GIMP Security Vulnerabilities Detected

gentoo
Calendar Grey March 6, 2016
Dist Gentoo Esm H88
GIMP on Gentoo shows multiple vulnerabilities tied to buffer overflows, risking arbitrary code execution or facilitating Denial of Service (DoS) attacks. Immediate action is essential
GIMP is vulnerable to multiple buffer overflows which could result in the execution of arbitrary code or Denial of Service.

Summary

GIMP's network server, scriptfu, is vulnerable to the remote execution of arbitrary code via the python-fu-eval command due to not requiring authentication. Additionally, the X Window Dump (XWD) plugin is vulnerable to multiple buffer overflows possibly allowing the remote execution of arbitrary code or Denial of Service. The XWD plugin is vulnerable due to not validating large color entries.

Topics%20covered

Topics Covered

security advisory Gentoo buffer overflow arbitrary code execution GIMP Denial of Service normal severity

Resolution

All GIMP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.8.0"

References

[ 1 ] CVE-2012-4245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4245 [ 2 ] CVE-2013-1913 https://www.cve.org/CVERecord?id=CVE-2013-1913 [ 3 ] CVE-2013-1978 https://www.cve.org/CVERecord?id=CVE-2013-1978

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201603-01
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: GIMP: Multiple vulnerabilities
Date: March 06, 2016
Bugs: #434582, #493372
ID: 201603-01

Topics%20covered

Topics Covered

security advisory Gentoo buffer overflow arbitrary code execution GIMP Denial of Service normal severity

Synopsis

GIMP is vulnerable to multiple buffer overflows which could result in the execution of arbitrary code or Denial of Service.

Background

GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/gimp < 2.8.0 >= 2.8.0

Impact

===== A remote attacker could possibly execute arbitrary code with the privileges of the process due or perform a Denial of Service.

Workaround

There is no known work around at this time.

Related News

Your message here