Mandriva Linux Security Advisory : gimp (MDVSA-2011:103)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities was discovered and fixed in gimp :

Stack-based buffer overflow in the 'LIGHTING EFFECTS > LIGHT' plugin
in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via
a long Position field in a plugin configuration file. NOTE: it may be
uncommon to obtain a GIMP plugin configuration file from an untrusted
source that is separate from the distribution of the plugin itself
(CVE-2010-4540).

Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP
2.6.11 allows user-assisted remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
long Number of lights field in a plugin configuration file. NOTE: it
may be uncommon to obtain a GIMP plugin configuration file from an
untrusted source that is separate from the distribution of the plugin
itself (CVE-2010-4541).

Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows
user-assisted remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a long
Foreground field in a plugin configuration file. NOTE: it may be
uncommon to obtain a GIMP plugin configuration file from an untrusted
source that is separate from the distribution of the plugin itself
(CVE-2010-4542).

Heap-based buffer overflow in the read_channel_data function in
file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE
compression) image file that begins a long run count at the end of the
image (CVE-2010-4543, CVE-2011-1782).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 54919 ()

Bugtraq ID: 45647

CVE ID: CVE-2010-4540
CVE-2010-4541
CVE-2010-4542
CVE-2010-4543
CVE-2011-1782

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now