OSVDB ID: 74539

Title: GIMP plug-ins/common/file-gif-load.c LZWReadByte() Function GIF File Handling Overflow

Info

Disclosure

Aug 13, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 12, 2011

Description

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Red Hat has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1025929
CVE ID: 2011-2896 (see also: NVD)
Secunia Advisory ID: 45621 45713 45750 45900 45945 45948 46024 46151 46409 46448 46479 47000 47054 47150 48236 48308 50324 50358 50737
Bugtraq ID: 49148
Vendor Specific News/Changelog Entry: http://blogs.oracle.com/sunsecurity/entry/cve_2011_2896_buffer_overflow
http://cups.org/str.php?L3867
http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064398.html
http://www.debian.org/security/2012/dsa-2426
http://www.gentoo.org/security/en/glsa/glsa-201209-23.xml
http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
http://www.ubuntu.com/usn/usn-1207-1/
http://www.ubuntu.com/usn/usn-1214-1
https://bugzilla.redhat.com/show_bug.cgi?id=727800
https://bugzilla.redhat.com/show_bug.cgi?id=730338
Mail List Post: http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html
Other Advisory URL: http://www.debian.org/security/2011/dsa-2354
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:167
http://www.openwall.com/lists/oss-security/2011/08/10/10
Vendor Specific Advisory URL: http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_XRX12-002_v1.1.pdf
https://hermes.opensuse.org/messages/12106220
https://hermes.opensuse.org/messages/12111069
https://hermes.opensuse.org/messages/12111509
https://hermes.opensuse.org/messages/12119696
Vendor Specific Solution URL: http://www.swi-prolog.org/git/packages/xpce.git/commitdiff/30fbc4e030cbef5871e1b96c31458116ce3e2ee8
http://www.swi-prolog.org/git/packages/xpce.git/commitdiff/bb328029beb148691edc031d9db9cf0a503c8247
RedHat RHSA: RHSA-2011:1635 RHSA-2012-1181 RHSA-2012:1180

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/74539