[Security-team] [Fwd: [SA20976] Gimp XCF Parsing Buffer Overflow Vulnerability]

[Alexey Borovskoy]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TITLE:
Gimp XCF Parsing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA20976

VERIFY ADVISORY:
http://secunia.com/advisories/20976/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
>From remote

SOFTWARE:
GIMP 2.x
http://secunia.com/product/2922/

DESCRIPTION:
Henning Makholm has reported a vulnerability in Gimp, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

The vulnerability is caused due to a boundary error in the
"xcf_load_vector()" function when loading XCF files. This can be
exploited to cause a stack-based buffer overflow when a specially
crafted XCF file with a  large "num_axes" value is opened.

Successful exploitation may allow arbitrary code execution.

The vulnerability has been reported for versions 2.2.11 and 2.3.9.
Other versions may also be affected.

SOLUTION:
Update to version 2.2.12.

PROVIDED AND/OR DISCOVERED BY:
Henning Makholm

ORIGINAL ADVISORY:
http://bugzilla.gnome.org/show_bug.cgi?id=346742

- --
Алексей.
GPG key fingerprint
949B BC0E 2C44 7528 4F63  2753 E37A 9E3F 11F3 BDE1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEr1I643qePxHzveERAiaNAJoCFzqUUbFu+V2X4KuRYqouMggcUACfWgLB
msmf1sfbwvtSLk0KzxTFAEs=
=10fZ
-----END PGP SIGNATURE-----