This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in gimp :
A heap-based buffer overflow flaw, leading to invalid free, was found
in the way KISS CEL file format plug-in of Gimp, the GNU Image
Manipulation Program, performed loading of certain palette files. A
remote attacker could provide a specially crafted KISS palette file
that, when opened in Gimp would cause the CEL plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user
running the gimp executable (CVE-2012-3403).
Integer overflow, leading to heap-based buffer overflow flaw was found
in the GIMP's GIF (Graphics Interchange Format) image file plug-in. An
attacker could create a specially crafted GIF image file that, when
opened, could cause the GIF plug-in to crash or, potentially, execute
arbitrary code with the privileges of the user running the GIMP
The updated gimp packages have been upgraded to the 2.6.12 version and
patched to correct these issues.
Additionally for Mandriva Enterprise server 5 the gegl packages was
upgraded to the 0.0.22 version and rebuilt for ffmpeg 0.5.9, the
enscript packages was added because of a build dependency, the
gutenprint and mtink packages was rebuilt against the gimp 2.6.12
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false