CVE-2012-3403
Published: 25 August 2012
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gimp Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(2.6.8-2ubuntu1.5)
|
|
| natty |
Released
(2.6.11-1ubuntu6.3)
|
|
| oneiric |
Released
(2.6.11-2ubuntu4.1)
|
|
| precise |
Released
(2.6.12-1ubuntu1.1)
|
|
| upstream |
Needed
|
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2012-1180.html vendor: https://rhn.redhat.com/errata/RHSA-2012-1181.html upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=797db58b94c64f418c35d38b7a608d933c8cebef upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=b772d1b84c9272bb46ab9a21db4390e6263c9892 upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=69b98191cf315bcf0f7b8878896c01600e67c124 upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=86f4cd39bd493c88a7a19b56d1827d8b911e07f6 upstream: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-cel.c?id=7666e5cf36b037e8da11f9535c73f4eeb24b49cd |
||
References
- http://www.securitytracker.com/id?1027411
- http://www.openwall.com/lists/oss-security/2012/08/20/7
- http://secunia.com/advisories/50296
- http://rhn.redhat.com/errata/RHSA-2012-1181.html
- http://rhn.redhat.com/errata/RHSA-2012-1180.html
- https://ubuntu.com/security/notices/USN-1559-1
- https://www.cve.org/CVERecord?id=CVE-2012-3403
- NVD
- Launchpad
- Debian