CVE-2010-4541

Priority
Description
Stack-based buffer overflow in the loadit function in
plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP
2.6.11 allows user-assisted remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a long "Number
of lights" field in a plugin configuration file. NOTE: it may be uncommon
to obtain a GIMP plugin configuration file from an untrusted source that is
separate from the distribution of the plugin itself.
Notes
Package
Source: gimp (LP Ubuntu Debian)
Upstream: needs-triage
Patches:
Upstream: http://git.gnome.org/browse/gimp/commit/?id=7fb0300e1cfdb98a3bde54dbc73a0f3eda375162
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector
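The bug class in the description (a text field from a configuration file copied into a fixed-size stack buffer), shown as an added example beside a bounded parser. This is not GIMP's code or the upstream patch. The function names, FIELD_MAX, MAX_LIGHTS and the one-field-per-line input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX  32   /* assumed buffer size for one numeric field */
#define MAX_LIGHTS 16   /* assumed sanity limit, not a value from GIMP */

/* Unsafe pattern, shown for contrast and never called: "%s" carries no
 * width, so a field longer than FIELD_MAX-1 bytes overruns the stack. */
int parse_lights_unbounded(const char *line)
{
    char field[FIELD_MAX];
    if (sscanf(line, "%s", field) != 1)
        return -1;
    return atoi(field);
}

/* Bounded form: returns the count, or -1 when the field is missing,
 * over-long, non-numeric or out of range. */
int parse_lights_bounded(const char *line)
{
    char field[FIELD_MAX], *end;
    size_t len;
    long n;
    line += strspn(line, " \t");             /* skip leading blanks */
    len = strcspn(line, " \t\r\n");          /* length of the first token */
    if (len == 0 || len >= sizeof field)
        return -1;                           /* reject rather than truncate */
    memcpy(field, line, len);
    field[len] = '\0';
    n = strtol(field, &end, 10);             /* overflow clamps to LONG_MAX/MIN */
    if (*end != '\0' || n < 0 || n > MAX_LIGHTS)
        return -1;                           /* range check also catches clamps */
    return (int)n;
}

/* Constructed oversized field (4095 digits) fed to the bounded parser. */
int parse_oversized_sample(void)
{
    static char big[4096];                   /* zero-filled, so NUL-terminated */
    memset(big, '9', sizeof big - 1);
    return parse_lights_bounded(big);
}

int main(void)
{
    printf("%d %d\n", parse_lights_bounded("3\n"), parse_oversized_sample());
    return 0;
}
```

The stack protector mentioned above turns an overrun like the one in `parse_lights_unbounded` into an abort at function return; the length check in the bounded form prevents the out-of-bounds write from happening at all.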

Updated: 2020-09-10 01:39:18 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)