Debian DSA-2426-1 : gimp - several vulnerabilities

high Nessus Plugin ID 58250

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program.

- CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the 'LIGHTING EFFECTS & LIGHT' plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long 'Position' field in a plugin configuration file.

- CVE-2010-4541 Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the 'SPHERE DESIGNER' plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long 'Number of lights' field in a plugin configuration file.

- CVE-2010-4542 Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in the GFIG plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long 'Foreground' field in a plugin configuration file.

- CVE-2010-4543 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image.

- CVE-2011-1782 The correction for CVE-2010-4543 was incomplete.

- CVE-2011-2896 The LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream.
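As an added worked example (not code from the advisory, Debian or GIMP), a byte-oriented RLE decoder that bounds every run against the pixels still unwritten, which is the condition the CVE-2010-4543 text describes: a long run count that begins at the end of the image. The encoding used here is an assumption, a simplified stand-in for the PSP_COMP_RLE layout this page does not describe; the function and sample streams are constructed for illustration:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte-oriented RLE, a simplified stand-in for file-psp.c's PSP_COMP_RLE
   (this page does not give the real layout, so the encoding is an assumption):
   count byte n; n > 128 means repeat the next byte n-128 times, otherwise
   n literal bytes follow. Returns bytes written or -1 on a malformed stream. */
int rle_decode(const uint8_t *in, size_t inlen, uint8_t *out, size_t outlen)
{
    size_t ip = 0, op = 0;

    while (ip < inlen && op < outlen) {
        unsigned n = in[ip++];
        if (n > 128) {
            unsigned run = n - 128;
            if (ip >= inlen) return -1;          /* no byte to repeat */
            /* The CVE-2010-4543 case: a long run count that begins near the
               end of the image. Without this test the memset writes `run`
               bytes past the end of the heap-allocated pixel buffer. */
            if (run > outlen - op) return -1;
            memset(out + op, in[ip++], run);
            op += run;
        } else {
            /* Same bound on the literal path; checking only the run path
               would leave half of the overflow in place. */
            if (n > inlen - ip || n > outlen - op) return -1;
            memcpy(out + op, in + ip, n);
            ip += n;
            op += n;
        }
    }
    return (int)op;
}

/* Constructed streams for an 8-pixel "image": the first fills it exactly,
   the second starts a 10-pixel run with only 5 pixels of room left. */
const uint8_t rle_demo_ok[]  = { 0x83, 'A', 0x02, 'B', 'C', 0x83, 'D' };
const size_t  rle_demo_ok_len  = sizeof rle_demo_ok;
const uint8_t rle_demo_bad[] = { 0x83, 'A', 0x8A, 'B' };
const size_t  rle_demo_bad_len = sizeof rle_demo_bad;

int main(void)
{
    uint8_t img[8];
    int n = rle_decode(rle_demo_ok, rle_demo_ok_len, img, sizeof img);
    printf("ok stream: %d bytes -> %.8s\n", n, (const char *)img);
    printf("bad stream: %d\n",
           rle_decode(rle_demo_bad, rle_demo_bad_len, img, sizeof img));
    return 0;
}
```

The run path is the one the CVE text names; the literal path gets the same bound because the page records that the first correction (CVE-2011-1782) was incomplete, and a decoder with two copy paths needs the check on both of them, always measured against the space remaining rather than the total image size.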
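A second added example, likewise not taken from plug-ins/common/file-gif-load.c: a minimal GIF-style LZW decoder that applies the check the CVE-2011-2896 description calls for, rejecting any code word the decompression table does not yet hold. The one legitimate exception is code == next_code (the KwKwK case), which is only valid when a previous string exists. Codes are taken already unpacked from the bit stream to keep the example short, and the sample streams are constructed, not from a real GIF:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LZW_MAX_CODES 4096   /* GIF code size is capped at 12 bits */

/* Decode a GIF-style LZW code stream (codes already unpacked from the bit
   stream; clear code = 1 << min_code_size, end-of-information = clear + 1).
   Returns the number of bytes written to out, or -1 on malformed input. */
int lzw_decode(const int *codes, size_t ncodes, int min_code_size,
               unsigned char *out, size_t out_cap)
{
    int prefix[LZW_MAX_CODES];
    unsigned char suffix[LZW_MAX_CODES];
    unsigned char stack[LZW_MAX_CODES];   /* one code's string, reversed */
    int clear, eoi, next_code, prev = -1;
    unsigned char first = 0;
    size_t outlen = 0;

    if (min_code_size < 2 || min_code_size > 8) return -1;
    clear = 1 << min_code_size;
    eoi = clear + 1;
    next_code = clear + 2;
    for (int i = 0; i < next_code; i++) { prefix[i] = -1; suffix[i] = (unsigned char)i; }

    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i], c, sp = 0;

        if (code == clear) { next_code = clear + 2; prev = -1; continue; }
        if (code == eoi) break;

        /* The check CVE-2011-2896 is about: a code the table does not hold yet.
           Only codes below next_code exist; code == next_code is the single
           special case (KwKwK) and needs a previous string to build on.
           Anything else would index prefix[]/suffix[] slots never filled for
           this table, and their contents would drive the chain walk below. */
        if (code < 0 || code > next_code || code >= LZW_MAX_CODES ||
            (code == next_code && prev < 0))
            return -1;

        if (code == next_code) { stack[sp++] = first; c = prev; }
        else c = code;
        /* Walk the prefix chain to its root. prefix[c] < c always holds for
           entries we created, so this terminates within LZW_MAX_CODES steps. */
        while (prefix[c] != -1) { stack[sp++] = suffix[c]; c = prefix[c]; }
        stack[sp++] = suffix[c];
        first = suffix[c];

        if (outlen + (size_t)sp > out_cap) return -1;  /* never write past the pixel buffer */
        while (sp > 0) out[outlen++] = stack[--sp];

        if (prev >= 0 && next_code < LZW_MAX_CODES) {
            prefix[next_code] = prev;
            suffix[next_code] = first;
            next_code++;
        }
        prev = code;
    }
    return (int)outlen;
}

/* Constructed streams (not from any real GIF), min_code_size 2:
   clear = 4, eoi = 5, first free code = 6. */
const int lzw_demo_good[]      = { 4, 0, 1, 6, 8, 5 };  /* "0101010", code 8 is a KwKwK */
const size_t lzw_demo_good_len = 6;
const int lzw_demo_bad_code[]  = { 4, 0, 9, 5 };        /* 9 was never defined */
const size_t lzw_demo_bad_code_len = 4;
const int lzw_demo_bad_kwkwk[] = { 4, 6, 5 };           /* KwKwK with no previous string */
const size_t lzw_demo_bad_kwkwk_len = 3;

int main(void)
{
    unsigned char px[16];
    int n = lzw_decode(lzw_demo_good, lzw_demo_good_len, 2, px, sizeof px);
    printf("good stream: %d pixels\n", n);
    printf("undefined code: %d\n",
           lzw_decode(lzw_demo_bad_code, lzw_demo_bad_code_len, 2, px, sizeof px));
    printf("KwKwK first: %d\n",
           lzw_decode(lzw_demo_bad_kwkwk, lzw_demo_bad_kwkwk_len, 2, px, sizeof px));
    return 0;
}
```

Without the code-validity test, a code above next_code reads table slots that hold whatever was there before, and both the length of the chain walk and the number of bytes emitted then come from attacker-influenced state; that is the territory the advisory's infinite loop and heap-based overflow come from. With the test, and with the output bound checked before the bytes are written, the decoder fails closed and returns -1 on both constructed bad streams.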

Solution

Upgrade the gimp packages.

For the stable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze3.
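The plugin decides from the host's dpkg -l output whether an installed gimp package is older than 2.6.10-1+squeeze3. The same decision, as an added example that is neither the Nessus plugin nor dpkg's own code: a Debian version comparison implementing the dpkg verrevcmp ordering (epoch, then upstream, then revision; '~' sorts before everything), applied to constructed dpkg -l lines. The binary package names checked are my assumption, since the page only says "gimp packages"; the sample lines are constructed and not taken from a real host:

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VER_MAX 128

/* Weight of a non-digit character, mirroring dpkg's order(): '~' sorts before
   everything including end-of-string, letters before other symbols. */
static int deb_order(int c)
{
    if (isdigit(c)) return 0;
    if (isalpha(c)) return c;
    if (c == '~') return -1;
    return c ? c + 256 : 0;
}

/* dpkg's verrevcmp(): both strings are walked as alternating non-digit and
   digit runs; non-digit runs compare by deb_order, digit runs numerically. */
static int deb_cmp_part(const char *a, const char *b)
{
    while (*a || *b) {
        int first_diff = 0;
        while ((*a && !isdigit((unsigned char)*a)) ||
               (*b && !isdigit((unsigned char)*b))) {
            int d = deb_order((unsigned char)*a) - deb_order((unsigned char)*b);
            if (d) return d;
            a++; b++;
        }
        while (*a == '0') a++;
        while (*b == '0') b++;
        while (isdigit((unsigned char)*a) && isdigit((unsigned char)*b)) {
            if (!first_diff) first_diff = *a - *b;
            a++; b++;
        }
        if (isdigit((unsigned char)*a)) return 1;
        if (isdigit((unsigned char)*b)) return -1;
        if (first_diff) return first_diff;
    }
    return 0;
}

/* Split "[epoch:]upstream[-revision]"; a missing epoch is 0, a missing
   revision is "" (which verrevcmp orders equal to "0"). */
static void deb_split(const char *v, char *epoch, char *up, char *rev)
{
    const char *colon = strchr(v, ':');
    const char *dash;
    if (colon) { snprintf(epoch, VER_MAX, "%.*s", (int)(colon - v), v); v = colon + 1; }
    else        snprintf(epoch, VER_MAX, "0");
    dash = strrchr(v, '-');
    if (dash) {
        snprintf(up, VER_MAX, "%.*s", (int)(dash - v), v);
        snprintf(rev, VER_MAX, "%s", dash + 1);
    } else {
        snprintf(up, VER_MAX, "%s", v);
        rev[0] = '\0';
    }
}

/* <0, 0, >0 like strcmp, following Debian policy version ordering. */
int deb_vercmp(const char *a, const char *b)
{
    char ea[VER_MAX], ua[VER_MAX], ra[VER_MAX], eb[VER_MAX], ub[VER_MAX], rb[VER_MAX];
    long xa, xb;
    int r;
    deb_split(a, ea, ua, ra);
    deb_split(b, eb, ub, rb);
    xa = strtol(ea, NULL, 10);
    xb = strtol(eb, NULL, 10);
    if (xa != xb) return xa < xb ? -1 : 1;
    r = deb_cmp_part(ua, ub);
    return r ? r : deb_cmp_part(ra, rb);
}

/* One `dpkg -l` line: 1 if it shows `pkg` installed ("ii") below `fixed`,
   0 if fixed or not installed ("rc" = removed, config files only),
   -1 if the line is about another package. The sscanf field widths bound
   every copy, so an over-long line cannot overrun these stack buffers
   (the failure mode the three plugin-config CVEs above describe). */
int dpkg_line_vulnerable(const char *line, const char *pkg, const char *fixed)
{
    char status[8], name[VER_MAX], version[VER_MAX];
    if (sscanf(line, "%7s %127s %127s", status, name, version) != 3) return -1;
    if (strcmp(name, pkg) != 0) return -1;
    if (strncmp(status, "ii", 2) != 0) return 0;
    return deb_vercmp(version, fixed) < 0 ? 1 : 0;
}

/* Constructed `dpkg -l` excerpt, not real host output (squeeze-era dpkg
   prints plain package names with no ":arch" suffix). */
const char *const sample_dpkg_l[] = {
    "ii  gimp        2.6.10-1+squeeze2   The GNU Image Manipulation Program",
    "ii  gimp-data   2.6.10-1+squeeze2   Data files for GIMP",
    "rc  libgimp2.0  2.6.10-1+squeeze1   Libraries for the GNU Image Manipulation Program",
};

/* 1 if any gimp binary package (names assumed here) is installed below `fixed`. */
int host_vulnerable(const char *const *lines, size_t n, const char *fixed)
{
    static const char *const pkgs[] = { "gimp", "gimp-data", "libgimp2.0" };
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < sizeof pkgs / sizeof pkgs[0]; j++)
            if (dpkg_line_vulnerable(lines[i], pkgs[j], fixed) == 1) return 1;
    return 0;
}

int main(void)
{
    printf("host vulnerable to DSA-2426: %s\n",
           host_vulnerable(sample_dpkg_l, 3, "2.6.10-1+squeeze3") ? "yes" : "no");
    return 0;
}
```

On a real squeeze host the same check is a one-liner: read the installed version with dpkg-query -W -f='${Version}\n' gimp and test it with dpkg --compare-versions "$v" ge 2.6.10-1+squeeze3. The comparison above matters for the cases a plain string compare gets wrong, such as 1+squeeze10 versus 1+squeeze3, an epoch (1:2.6.10-1 is newer than any 2.6.10-1+squeezeN), or a ~rc pre-release that sorts below the final upstream version.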

See Also

https://security-tracker.debian.org/tracker/CVE-2010-4540

https://security-tracker.debian.org/tracker/CVE-2010-4541

https://security-tracker.debian.org/tracker/CVE-2010-4542

https://security-tracker.debian.org/tracker/CVE-2010-4543

https://security-tracker.debian.org/tracker/CVE-2011-1782

https://security-tracker.debian.org/tracker/CVE-2011-2896

https://packages.debian.org/source/squeeze/gimp

https://www.debian.org/security/2012/dsa-2426

Plugin Details

Severity: High

ID: 58250

File Name: debian_DSA-2426.nasl

Version: 1.9

Type: local

Agent: unix

Published: 3/7/2012

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:gimp, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/6/2012

Reference Information

CVE: CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1782, CVE-2011-2896

BID: 45647, 48277, 49148

DSA: 2426