This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Updated gimp packages fix security vulnerabilities:

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's GIF image format plug-in. An attacker could create
a specially crafted GIF image file that, when opened, could cause the
GIF plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP (CVE-2012-3481).

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
file format plug-in. An attacker could create a specially crafted KiSS
palette file that, when opened, could cause the CEL plug-in to crash
or, potentially, execute arbitrary code with the privileges of the
user running the GIMP (CVE-2012-3403).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via
a malformed XTENSION header of a .fit file, as demonstrated using a
long string (CVE-2012-3236).

GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading
XWD files, which could even lead to arbitrary code execution.

Additionally, it fixes partial translations in several languages.

This gimp update provides the stable maintenance release 2.8.2, which
fixes the above security issues.
Update the affected packages.
Risk factor: High
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Public Exploit Available: false