MDKSA-2006:127

Package name

gimp

Date

2006-07-18

Advisory ID

MDKSA-2006:127

Affected versions

2006.0 i586 , 2006.0 x86_64

Problem description

A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c
for gimp 2.2.x allows user-complicit attackers to cause a denial of
service (crash) and possibly execute arbitrary code via an XCF file
with a large num_axes value in the VECTORS property.

Updated packages have been patched to correct this issue.

Updated packages

2006.0 i586

 ef770a8f1e5b894589b8f591486e00b9  2006.0/RPMS/gimp-2.2.8-6.1.20060mdk.i586.rpm
 f39e2f6d7bd2e88e47b696b58aa8023b  2006.0/RPMS/gimp-python-2.2.8-6.1.20060mdk.i586.rpm
 465e5b21384bc501d2e991922695811f  2006.0/RPMS/libgimp2.0_0-2.2.8-6.1.20060mdk.i586.rpm
 1df661eb0a251358f5bc7c6e35929b71  2006.0/RPMS/libgimp2.0-devel-2.2.8-6.1.20060mdk.i586.rpm
 708dd714d5514cfb89a947bca6604b73  2006.0/SRPMS/gimp-2.2.8-6.1.20060mdk.src.rpm

2006.0 x86_64

 20fe9e1f09f22f770c608303edfad886  x86_64/2006.0/RPMS/gimp-2.2.8-6.1.20060mdk.x86_64.rpm
 a61b7e401cf01bb3715702d557b0fca6  x86_64/2006.0/RPMS/gimp-python-2.2.8-6.1.20060mdk.x86_64.rpm
 e1d614c2befbec26c478eb1303ad887e  x86_64/2006.0/RPMS/lib64gimp2.0_0-2.2.8-6.1.20060mdk.x86_64.rpm
 8b7168186005e221d8aa58d37349d36d  x86_64/2006.0/RPMS/lib64gimp2.0-devel-2.2.8-6.1.20060mdk.x86_64.rpm
 708dd714d5514cfb89a947bca6604b73  x86_64/2006.0/SRPMS/gimp-2.2.8-6.1.20060mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404