Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated gimp packages fix security vulnerabilities :

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's GIF image format plug-in. An attacker could create
a specially crafted GIF image file that, when opened, could cause the
GIF plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP (CVE-2012-3481).

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
file format plug-in. An attacker could create a specially crafted KiSS
palette file that, when opened, could cause the CEL plug-in to crash
or, potentially, execute arbitrary code with the privileges of the
user running the GIMP (CVE-2012-3403).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via
a malformed XTENSION header of a .fit file, as demonstrated using a
long string. (CVE-2012-3236)

GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading
XWD files, which could lead even to arbitrary code execution
(CVE-2012-5576).

Additionally it fixes partial translations in several languages.

This gimp update provides the stable maintenance release 2.8.2 which
fixes the above security issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66096 ()

Bugtraq ID: 54246
55101
56647

CVE ID: CVE-2012-3236
CVE-2012-3403
CVE-2012-3481
CVE-2012-5576

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now