Info

Disclosure

Jul 06, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Gimp. The xcf_load_vector() function fails to handle XCF files with a large 'num_axes' value resulting in a buffer overflow. With a specially crafted XCF file, an attacker can execute remote arbitrary code or cause denial of service resulting in a loss of integrity or availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation, Other
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.2.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Gimp	Gimp	2.2.11
		2.3.9

References

CVE ID: 2006-3404 (see also: NVD)
Secunia Advisory ID: 20976 20979 21069 21104 21170 21182 21198 21459 23044
SCIP VulDB ID: 2359
VUPEN Advisory: ADV-2006-2703
Vendor Specific News/Changelog Entry: http://bugzilla.gnome.org/show_bug.cgi?id=346742
Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Aug/0003.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1
https://issues.rpath.com/browse/RPL-522
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200607-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:127
http://www.ubuntu.com/usn/usn-312-1
http://www.us.debian.org/security/2006/dsa-1116
Vendor URL: http://www.gimp.org/
RedHat RHSA: RHSA-2006:0598

Credit

Henning Makholm -

Direct URL: http://osvdb.org/36218