CVE-2013-1913

Priority
Medium
Description
Integer overflow in the load_image function in file-xwd.c in the X Window
Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before
2.24, allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a large color entries value in an X
Window System (XWD) image dump.
References
Bugs
Assigned-to
mdeslaur
Package
Source: gimp (LP Ubuntu Debian)
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.6.12-1ubuntu1.3)
Ubuntu 12.10 (Quantal Quetzal):released (2.8.2-1ubuntu1.2)
Ubuntu 13.04 (Raring Ringtail):released (2.8.4-1ubuntu1.1)
Ubuntu 13.10 (Saucy Salamander):released (2.8.6-1ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.8.6-1ubuntu2)
Patches:
Upstream:https://git.gnome.org/browse/gimp/commit/?id=32ae0f83e5748299641cceaabe3f80f1b3afd03e
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-19 19:14:31 UTC (commit 7570)