PublicDateAtUSN: 2012-11-27
Candidate: CVE-2012-5576
PublicDate: 2012-12-18 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576
 http://www.openwall.com/lists/oss-security/2012/11/21/2
 https://ubuntu.com/security/notices/USN-1659-1
Description:
 Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump
 (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of
 service (crash) and possibly execute arbitrary code via a large (1) red,
 (2) green, or (3) blue color mask in an XWD file.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.gnome.org/show_bug.cgi?id=687392
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693977
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_gimp:
 upstream: http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
upstream_gimp: needed
hardy_gimp: ignored (reached end-of-life)
lucid_gimp: released (2.6.8-2ubuntu1.6)
oneiric_gimp: released (2.6.11-2ubuntu4.2)
precise_gimp: released (2.6.12-1ubuntu1.2)
quantal_gimp: released (2.8.2-1ubuntu1.1)
devel_gimp: released (2.8.2-1ubuntu2)